You are on page 1of 1007

Acunetix Website Audit 21 June, 2012

Detailed Scan Report

Generated by Acunetix WVS Reporter (v6.0 Build 20081124)

Scan of http://www.advantagepoint.org:80/
Scan details
Scan information Starttime Finish time Scan time Profile Server information Responsive Server banner Server OS Server technologies Threat level

6/21/2012 12:15:22 AM 6/21/2012 2:51:10 PM 14 hours, 35 minutes default

True Microsoft-IIS/6.0 Windows ASP,ASP.NET,PHP,Perl,mod_ssl,mod_perl,mod_python,OpenSSL,FrontPage,JRun,Ruby

Acunetix Threat Level 3 One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution Total alerts found High Medium Low Informational 1964 1000 0 919 45

Knowledge base
List of open TCP ports There are 4 open TCP ports on the remote host.
Port 21 - [ftp] is open.

Port 25 - [smtp] is open.

Port 80 - [http] is open. Port banner: HTTP/1.1 400 Bad RequestType: text/html: Thu, 21 Jun 2012 06:17:21 GMT: closeLength: 39 <h1>Bad Request (Invalid Hostname)</h1>

Port 443 - [https] is open.

Whois lookup Whois result for IP address 66.241.70.10:


% This is the RIPE Database query service.

Acunetix Website Audit

% The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf

ASP-NET ASP-NET Version: 2.0.50727 ASP-NET


ASP-NET Version: 2.0.50727

List of client scripts These files contain Javascript code referenced from the website.

/js/jslib.js /js/datavalidation.js /js/reminderscript.asp

List of files with inputs These files have at least one input (GET or POST).

/searchresults.asp - 13 inputs /page.asp - 4 inputs /formpage.asp - 25 inputs /contactus.asp - 3 inputs /sitemap.asp - 3 inputs /search.asp - 3 inputs /hitandgo.asp - 2 inputs /calendar.asp - 10 inputs /disclaimer.asp - 3 inputs /sectionindex.asp - 1 inputs /contactsendmail.asp - 13 inputs

List of external hosts These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed.(Settings->Scanners settings->Scanner->List of hosts allowed).

www.centertrac.com tbe.taleo.net www.internetmarketinggroup.com www.projecta.com

Alerts summary
SQL injection Affects /formpage.asp Application error message Affects /page.asp /searchresults.asp Variations 40 879 Variations 1000

Acunetix Website Audit

Email address found Affects /calendar.asp /contactus.asp /disclaimer.asp /formpage.asp /page.asp /search.asp /searchresults.asp /sitecredits.asp /sitemap.asp GHDB: robots.txt file Affects /robots.txt GHDB: robots.txt with Disallow tag Affects /robots.txt Password type input with autocomplete enabled Affects / /index.asp Variations 1 1 Variations 1 Variations 1 Variations 15 4 2 2 8 2 5 1 2

Acunetix Website Audit

Alert details
SQL injection
Severity High Type Validation Reported by module Parameter manipulation Description
This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

Recommendation
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.

Detailed information
Quote from SQL Injection Attack s by Example - http://www.unixwiz.net/techtips/sql-injection.html

SQL injection mitigations


We believe that web application developers often simply do not think about "surprise inputs", but security people do (including the bad guys), so there are three broad approaches that can be applied here.

Sanitize the input


It's absolutely vital to sanitize user inputs to insure that they do not contain dangerous codes, whether to the SQL server or to HTML itself. One's first idea is to strip out "bad stuff", such as quotes or semicolons or escapes, but this is a misguided attempt. Though it's easy to point out some dangerous characters, it's harder to point to all of them. The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters), and efforts to authoritatively identify all "bad stuff" are unlikely to be successful. Instead, rather than "remove known bad data", it's better to "remove everything but known good data": this distinction is crucial. Since - in our example - an email address can contain only these characters:

abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 @.-_+

Acunetix Website Audit

There is really no benefit in allowing characters that could not be valid, and rejecting them early - presumably with an error message - not only helps forestall SQL Injection, but also catches mere typos early rather than stores them into the database. Be aware that "sanitizing the input" doesn't mean merely "remove the quotes", because even "regular" characters can be troublesome. In an example where an integer ID value is being compared against the user input (say, a numeric PIN):

SELECT fieldlist FROM table WHERE id = 23 OR 1=1;

-- Boom! Always matches!

In practice, however, this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters. For "dates" or "email addresses" or "integers" it may have merit, but for any kind of real application, one simply cannot avoid the other mitigations.

Escape/Quotesafe the input


Even if one might be able to sanitize a phone number or email address, one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill O'Reilly from one's application: a quote is simply a valid character for this field. One includes an actual single quote in an SQL string by putting two of them together, so this suggests the obvious - but wrong! - technique of preprocessing every string to replicate the single quotes:

SELECT fieldlist FROM customers WHERE name = 'Bill O''Reilly';

-- works OK

However, this naive approach can be beaten because most databases support other string escape mechanisms. MySQL, for instance, also permits \' to escape a quote, so after input of \'; DROP TABLE users; -- is "protected" by doubling the quotes, we get:

SELECT fieldlist FROM customers WHERE name = '\''; DROP TABLE users; --';

-- Boom!

The expression '\'' is a complete string (containing just one single quote), and the usual SQL shenanigans follow. It doesn't stop with backslashes either: there is Unicode, other encodings, and parsing oddities all hiding in the weeds to trip up the application designer. Getting quotes right is notoriously difficult, which is why many database interface languages provide a function that does it for you. When the same internal code is used for "string quoting" and "string parsing", it's much more likely that the process will be done properly and safely. Some examples are the MySQL function mysql_real_escape_string() and perl DBD method $dbh->quote($value) . These methods must be used.

Use bound parameters (the PREPARE statement)


Though quotesafing is a good mechanism, we're still in the area of "considering user input as SQL", and a much better approach exists: bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters: Example in perl $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;"); $sth->execute($email);

Acunetix Website Audit

Thanks to Stefan Wagner, this demonstrates bound parameters in Java: Insecure version Statement s = connection.createStatement(); ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom*

Secure version PreparedStatement ps = connection.prepareStatement( "SELECT email FROM member WHERE name = ?"); ps.setString(1, formField); ResultSet rs = ps.executeQuery();

Here, $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks. There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.

Limit database permissions and segregate users


In the case at hand, we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". The web application ought to use a database connection with the most limited rights possible: queryonly access to the members table, and no access to any other table. The effect here is that even a "successful" SQL injection attack is going to have much more limited success. Here, we'd not have been able to do the UPDATE request that ultimately granted us access, so we'd have had to resort to other avenues. Once the web application determined that a set of valid credentials had been passed via the login form, it would then switch that session to a database connection with more rights. It should go almost without saying that sa rights should never be used for any web-based application.

Use stored procedures for database access


When the database server supports them, use stored procedures for performing access on the application's behalf, which can eliminate SQL entirely (assuming the stored procedures themselves are written properly). By encapsulating the rules for a certain action - query, update, delete, etc. - into a single procedure, it can be tested and documented on a standalone basis and business rules enforced (for instance, the "add new order" procedure might reject that order if the customer were over his credit limit). For simple queries this might be only a minor benefit, but as the operations become more complicated (or are used in more than one place), having a single definition for the operation means it's going to be more robust and easier to maintain. Note: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection - it's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection.

Isolate the webserver


Even having taken all these mitigation steps, it's nevertheless still possible to miss something and leave the server open to compromise. One ought to design the network infrastructure to assume that the bad guy will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things. For instance, putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. This won't stop everything, of

Acunetix Website Audit

course, but it makes it a lot harder.

Configure error reporting


The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users. Imagine how much easier a time it makes for an attacker if the full query is shown, pointing to the syntax error involved. This information is useful to developers, but it should be restricted - if possible - to just internal users.

Affected items /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DDFNLOIBNABIEAJDKCPGLDNJ; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix Website Audit 8

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EDFNLOIBJFACKNNNHIFGOGGM; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CDFNLOIBLMIIHFNAFHEBLKJM; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded Acunetix Website Audit 9

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ADFNLOIBNNALHHODGOLMGPFN; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BDFNLOIBJLBEGICBNMBINCLN; path=/ Cache-control: private

Acunetix Website Audit

10

/formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IDFNLOIBMPCGCBIOEOPGHFEA; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 11

Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JDFNLOIBKBNFBJMABHEFFEHJ; path=/ /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HDFNLOIBMKAOAOLPNDHGBFCP; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam Acunetix Website Audit 12

e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FDFNLOIBBMCJODGLJNEDOJEF; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GDFNLOIBFNBAAHBPPCDFDMAD; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 13

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LFDNLOIBEJBLMNAAEGHNBNAK; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GFDNLOIBKPGAONIEBLLILEPN; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to JyI%3D . Request Acunetix Website Audit 14

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MFDNLOIBDGLGMPCNNBGGAKLN; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 15

Set-Cookie: ASPSESSIONIDCCSSQBCR=OFDNLOIBCDABJKLHJADEDMAA; path=/ /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NFDNLOIBECONIFKACMLPFIBE; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 16

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AFDNLOIBAIJPAAFIMIKCPLND; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OEDNLOIBELJPJCJDAJFLBAGG; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 17

...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BFDNLOIBIKOMCFELPLJNOOIL; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FFDNLOIBJKLAJJPDNBOAAKMJ; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Acunetix Website Audit 18

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:53 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CFDNLOIBCKEMKEAICOMCKFGK; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:41 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GGCNLOIBDNFHKIAKDOJGANOP; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %00' . Acunetix Website Audit 19

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:41 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IGCNLOIBLOGAGGNACOJLLLMM; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:41 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 20

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FGCNLOIBFDJNLEIPPNDMBKKN; path=/ /formpage.asp Details The POST variable Address has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NGCNLOIBGACIDEAFKGMKLLAI; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 21

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PGCNLOIBHNOOLAKNFJNHGGCC; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BHCNLOIBLJGBJBKPIBEMLIGL; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 22

(line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OGCNLOIBBKCIOIPNGMJKOCHP; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MGCNLOIBHEDCDKLBIOFOBMMN; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 23

Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KGCNLOIBEBFDOCICDMMCBEBL; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LGCNLOIBDDGMCCKAEBMLMHNB; path=/ Cache-control: private

Acunetix Website Audit

24

/formpage.asp Details The POST variable Address has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CEENLOIBJIGHJBEAKKHIJKPL; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 25

Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BEENLOIBEOMPBPJDMNEKEBMK; path=/ /formpage.asp Details The POST variable Address has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AEENLOIBHOAEMFKJOLPNOBEP; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 Acunetix Website Audit 26

933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MDENLOIBMJIONOEFLEDJKOEK; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ODENLOIBKPDDFIAKLLCONEAP; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 27

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GEENLOIBDPMKBKMAECMHMIKN; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MEENLOIBHDEOFMHBAFMCAGJJ; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to %2527 . Request Acunetix Website Audit 28

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FEENLOIBJEGBEGOFKJNJPLIB; path=/ Cache-control: private /formpage.asp Details The POST variable Address has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 29

Set-Cookie: ASPSESSIONIDCCSSQBCR=DEENLOIBHCPKPOKGPJDIFDKJ; path=/ /formpage.asp Details The POST variable Address has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EEENLOIBKPGNAOLMHPDEIIFE; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 30

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CAENLOIBFPLCGNMBOFEFLBEG; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DAENLOIBJGBGBNAIIFDCODJE; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 31

...ntGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933 email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2221933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email %2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%2527 &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JAENLOIBFPDIBIEINEBCLMEP; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 840 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rdianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933email @address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-1933e mail@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2Ets t&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=acunetix'" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IAENLOIBMONJHMLEOCFMLHPA; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Acunetix Website Audit 32

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...tGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933e mail@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-1 933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email% 2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LAENLOIBEFAPANLMDKJOHMHK; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KAENLOIBAOBIGPFJGJLMFDNO; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Acunetix Website Audit 33

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...es&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FAENLOIBOGEJAKMJAAMNNOIM; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...entGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-193 3email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222 -1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40emai l%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 34

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EAENLOIBBBOLGIHAMPEFEDMD; path=/ /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=\' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HAENLOIBKEOGDOCKIHBGBEJB; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 35

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GAENLOIBDCBCPDKLDELCLJCO; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=acunetix'" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NCCNLOIBBDKONIDJJNPBPIIM; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 36

(line truncated) ...rogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PCCNLOIBLJODKBLOFGNDJKPJ; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Program=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNa me=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWor kPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email =sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MCCNLOIBLHDKCGMHJGHCCCEI; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 37

Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...GuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933em ail@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-19 33email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2 Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=acunetix'" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IBDNLOIBIELBMDKLFJEPOHBB; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=\' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GBDNLOIBCGEBJEKBLCLCCPLH; path=/ Cache-control: private

Acunetix Website Audit

38

/formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CDCNLOIBFLEKODHEJOJFBBBD; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 39

Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DDCNLOIBNJIKAMKBOPDNANCD; path=/ /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BDCNLOIBNBNNDGJHCLFLENOA; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= Acunetix Website Audit 40

111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%252 7&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OCCNLOIBGNLEDCAABELCHELN; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ADCNLOIBJPLBPFHOLFNFNKPI; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 41

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone= 111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample %40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%2527 &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OBDNLOIBKJHGOMJDOFEJDGNF; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111 -222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone =111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sampl e%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NBDNLOIBOCBLAFIPCMLNGLLK; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to acunetix'" . Request Acunetix Website Audit 42

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=acunetix'" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ACDNLOIBKALDGFJPNLHHCFCI; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 43

Set-Cookie: ASPSESSIONIDCCSSQBCR=KCCNLOIBDGLAGKAEHJIMGMGO; path=/ /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...tGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933e mail@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-1 933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email% 2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LCCNLOIBCHFHIIMAGPBBEKCH; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 44

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JBDNLOIBKNLCFMOJNFCBGEDO; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HBDNLOIBKDMNNMOJHEEKHIGM; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 45

...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%2527 &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KBDNLOIBJGGDDNPPCFILMACM; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MBDNLOIBDKIAMKLLHDMMEMJL; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Acunetix Website Audit 46

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LBDNLOIBLHOMGCLMLEKBKGIO; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%2527 &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KPENLOIBDCGGLMOEBKADDNLC; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \" . Acunetix Website Audit 47

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JPENLOIBPHADKNKNHOAJILAF; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...m=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=JyI%3D &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 48

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MPENLOIBMIPJCLDAMONMPMOI; path=/ /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NPENLOIBHBOKLNCDFEOGGLNL; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...es&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 49

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LPENLOIBBBCPDFOGNKGHBLLH; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=acunetix'" &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IPENLOIBCHFMPINJNIEPEBMM; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 50

(line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%2527 &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EPENLOIBHOPEOPFFNHKHGDJG; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=%00' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FPENLOIBIHEBNAHOLNACHOAI; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 51

Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNa me=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWor kPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email =sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HPENLOIBEMPGAHEIDLHGHJDB; path=/ Cache-control: private /formpage.asp Details The POST variable ApprovalofAdvantagePointLearningasmySESProvider has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=\' &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GPENLOIBNKCNDGAAJIJJGLHD; path=/ Cache-control: private

Acunetix Website Audit

52

/formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LHCNLOIBIKKDDMGFHNMNNPCG; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 53

Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IHCNLOIBKAFNKDBONDEADCHO; path=/ /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MHCNLOIBOPAPAJJOAAGFOAKD; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 Acunetix Website Audit 54

22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AHCNLOIBDPNLHPNLBMFDEMAI; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OHCNLOIBGOAFBBHEDIFNHOIL; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 55

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DHCNLOIBNNFEBMIMHBBLPBFG; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CHCNLOIBJFCCJDFFABKCNCME; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \' . Request Acunetix Website Audit 56

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EHCNLOIBNGJCGGMPJGBBNKFB; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 57

Set-Cookie: ASPSESSIONIDCCSSQBCR=GHCNLOIBAFMBOGABENDKBGKF; path=/ /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FHCNLOIBBALDMMPLHOGABLHL; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 58

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HFDNLOIBFGPMNBHPOHJIKJPK; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PDFNLOIBBKPLLOJFOLIAIMFD; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 59

...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IFDNLOIBOBBGKGOKLMLPIGJE; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:19 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AEFNLOIBHOMPKGAIPCONKKPA; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Acunetix Website Audit 60

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KFDNLOIBBOKPEEFHAFIOFKJK; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KDFNLOIBEKJLGJKEHKGOFHDP; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \' . Acunetix Website Audit 61

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LDFNLOIBCOHNLMGBCIJDFJGO; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 62

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MDFNLOIBHLGLBJNNAMFKOFEP; path=/ /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NDFNLOIBNKACECOAKGEOGHCO; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 63

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ODFNLOIBLMHGDEHKBEMAFDFO; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DGDNLOIBJIBJFCAEIBODBPNO; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 64

(line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BGDNLOIBKKMFBIOCEHJKMJID; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FGDNLOIBAINMDOJHLMDCDGEP; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 65

Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HGDNLOIBMFIKFKPDJKCDCELJ; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GGDNLOIBDBDKFKJFNMBBBMCA; path=/ Cache-control: private

Acunetix Website Audit

66

/formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:19 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BEFNLOIBGNGIFFMPMLKJPHJM; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 67

Connection: close Date: Thu, 21 Jun 2012 17:32:19 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CEFNLOIBIBAJKNBDDPKCDGHG; path=/ /formpage.asp Details The POST variable City has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:19 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DEFNLOIBOKGKAJBHGJHHHDPA; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 Acunetix Website Audit 68

11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AGDNLOIBIMIKAFMHIJADHAGL; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PFDNLOIBBCKHNCEFADHHHHIN; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 69

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:07 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OEENLOIBFFDACKGANIOKONKO; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NEENLOIBNECPCBBNENCMFELD; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to ' . Request Acunetix Website Audit 70

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:07 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PEENLOIBGCKFNIJPADCOFBOK; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:07 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 71

Set-Cookie: ASPSESSIONIDCCSSQBCR=BFENLOIBFGJMAANPEEDLAPBD; path=/ /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:07 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AFENLOIBGHCGDAMHBMLGHCLI; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 72

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LEENLOIBIJNCLGABMOFAEOOH; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KEENLOIBCJELKFPHAJPFIOGL; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 73

...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JEENLOIBMPCGFGDMJBLCKFAH; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HEENLOIBNAPKDKCJHCHMJNNE; path=/ Cache-control: private /formpage.asp Details The POST variable City has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Acunetix Website Audit 74

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IEENLOIBCKBCENIFKOOONFIB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature='&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:54 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JFDNLOIBGCCFEEEJGMHCBNIB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to ' . Acunetix Website Audit 75

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@a ddress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature='&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GCFNLOIBKANNBJFMIJOLOFKJ; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addres s.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 76

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ICFNLOIBFFBOAKNDJKFHPGII; path=/ /formpage.asp Details The POST variable ElectronicSignature has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature='&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FDCNLOIBLGMLCJHHNCENJOFL; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933e mail@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1 933email@address.tst&email=sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=\"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 77

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EDCNLOIBAIKEPBAPFHDMAPOB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GDCNLOIBCHMGCOJCLKAJANBB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 78

(line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=acunetix'"&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JCDNLOIBCFPHMEPMDNLKIDCK; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addre ss.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=No&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KCFNLOIBHIAGMLPJECOCDDLD; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 79

Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=acunetix'"&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LCFNLOIBIPEDMILBELFIALHA; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=No&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PBDNLOIBNFMCKNPNAJALOGPF; path=/ Cache-control: private

Acunetix Website Audit

80

/formpage.asp Details The POST variable ElectronicSignature has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature='&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JCFNLOIBIOBKLECIEODBOCMN; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 81

Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OCFNLOIBBMLGGAPLEBCNHNFE; path=/ /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=%00'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:18 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PCFNLOIBKAEMNEAJEDNHILBB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua Acunetix Website Audit 82

rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addres s.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MCFNLOIBPGMFIBIJGADABCPO; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NCFNLOIBGBFLDEIACAFOKCGK; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 83

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearnin gasmySESProvider=No&ElectronicSignature=acunetix'"&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FCDNLOIBIPGDHCBCEGFJIECA; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=\'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ECDNLOIBKLECEBIENCLAOIEC; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Request Acunetix Website Audit 84

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933ema il@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLe arningasmySESProvider=Yes&ElectronicSignature=%00'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HCDNLOIBOHEFACNBCKKCCEME; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 85

Set-Cookie: ASPSESSIONIDCCSSQBCR=GCDNLOIBDOLIHBJACFJHDDPF; path=/ /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@a ddress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=%00'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BCDNLOIBCJBGBDCKHPOEDMDF; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addre ss.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=Yes&ElectronicSignature=%00'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 86

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HCFNLOIBJLAPIBLPLBNJHBBL; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DCDNLOIBNEMFKGDOPMILMJMC; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 87

...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=\"&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CCDNLOIBHKPEILALGEHOOPAN; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=acunetix'"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JDCNLOIBAIAKJPDONHKIPMEB; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Acunetix Website Audit 88

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\'&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LDCNLOIBGDCAELKIKOJKIGKF; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IDCNLOIBDPNJHIBIDDBLBKPC; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Acunetix Website Audit 89

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=Yes&ElectronicSignature=%00'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HDCNLOIBNGICKACLADNGLOMH; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 90

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KDCNLOIBKOGBMMDLFCJGOBDN; path=/ /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLear ningasmySESProvider=Yes&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MDCNLOIBAHOAGNFBMDOHDOIE; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 91

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NDENLOIBADBCJJGPDOPDKBGM; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=\'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PDENLOIBGJDNLBEOCCAPOLDG; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 92

(line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature='&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NDCNLOIBFLIEFEBPEKCIDEAG; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ADENLOIBCMAPDMJPCKELNPEH; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 93

Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933em ail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=%00'&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JDENLOIBCPFDKAKKPAHEOKHA; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933ema il@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLe arningasmySESProvider=No&ElectronicSignature=%2527&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IDENLOIBNKAOCBODJIECCKDH; path=/ Cache-control: private

Acunetix Website Audit

94

/formpage.asp Details The POST variable ElectronicSignature has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=\"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LDENLOIBJELHPAOIOKLGIHGJ; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearnin gasmySESProvider=No&ElectronicSignature=acunetix'"&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 95

Connection: close Date: Thu, 21 Jun 2012 17:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KDENLOIBFFMNODPEGNDALCMN; path=/ /formpage.asp Details The POST variable ElectronicSignature has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=\'&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CDENLOIBEPAGIDECBMKPMLDK; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P Acunetix Website Audit 96

arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=JyI%3D&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DDENLOIBGOPBBOHFGPIDDCDD; path=/ Cache-control: private /formpage.asp Details The POST variable ElectronicSignature has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933ema il@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-193 3email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature='&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HDENLOIBIGMNIDIPEHNEADFO; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 97

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...edLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardia nLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pa rentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.ts t&email='&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BNENLOIBLLIEDPILIANDBJIK; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email='&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GPCNLOIBDMBGJBCBLCENGPHG; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %00' . Request Acunetix Website Audit 98

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardia nLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pa rentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.ts t&email=%00'&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IPCNLOIBALCAJGMLBEGPPLHG; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...LunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianL astName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pare ntWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst& email=\"&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 99

Set-Cookie: ASPSESSIONIDCCSSQBCR=ANENLOIBIIHOAAGCCDLHBKPI; path=/ /formpage.asp Details The POST variable email has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...LunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianL astName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pare ntWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst& email=\'&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OMENLOIBHHFFIEINFKAEKHMO; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...hProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastN ame=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWo rkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&emai l=JyI%3D&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 100

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PMENLOIBKDLAGEHBMPAALBIM; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...nchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLas tName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Parent WorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&em ail=%2527&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DNENLOIBNLMIBLLOKNKAGBJG; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 101

...LunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email=%2527&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JPCNLOIBHBAPCFAMAAGCLKLC; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email=\"&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OPCNLOIBIOOMAACMKMHCDEIE; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Acunetix Website Audit 102

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addres s.tst&email=%00'&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PPCNLOIBGKBPJNLOEKHEKPCD; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...LunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianL astName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pare ntWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst& email=acunetix'"&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CADNLOIBDKMDFDNMKOFGAPMO; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Acunetix Website Audit 103

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...unchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianL astName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pare ntWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst& email=JyI%3D&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NPCNLOIBDNOFPOECMDGAHPGA; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Program=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastN ame=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWo rkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&emai l=acunetix'"&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 104

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KPCNLOIBFGIMJAJJMGJOADNO; path=/ /formpage.asp Details The POST variable email has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email=\'&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LPCNLOIBGLPAFEHEHEOEABEL; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email=%2527&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 105

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MPCNLOIBMLOLFOBPBMBCLLKL; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=ac unetix'"&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NMENLOIBCGPKEHCFMHBKFMBM; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 106

(line truncated) ...unchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLa stName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Paren tWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&e mail=%00'&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GNENLOIBLANFNLDIIAHJIJIA; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addres s.tst&email=%2527&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HODNLOIBKJCAALBLIFDGCHKP; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 107

Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addre ss.tst&email=%00'&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IODNLOIBOMHPBMHDCEKHKALF; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...nchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLa stName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Paren tWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&e mail=JyI%3D&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KACNLOIBKGNFHIFMCPJGHDPI; path=/ Cache-control: private

Acunetix Website Audit

108

/formpage.asp Details The POST variable email has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email='&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ABCNLOIBKNCEJEMJNOHLKEPL; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=\'&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 109

Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CODNLOIBNBKLAHLBHFILIEIO; path=/ /formpage.asp Details The POST variable email has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=\'&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LODNLOIBLEBPECPPDEMEJOGH; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren Acunetix Website Audit 110

tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=\"&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NODNLOIBCIEFKDOGGDIOLOAN; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email=JyI%3D&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MODNLOIBCGDMPPHDEDGGPLFL; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 111

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email=JyI%3D&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JODNLOIBLKNMHKFNKKHCMLLP; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=\"&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AODNLOIBGJMDHMJMDOOLFGHE; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to ' . Request Acunetix Website Audit 112

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email='&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EODNLOIBJNCMJMPPAGMMAPIM; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ address.tst&email=\"&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 113

Set-Cookie: ASPSESSIONIDCCSSQBCR=CACNLOIBHPEJIJPBCKBPOMOE; path=/ /formpage.asp Details The POST variable email has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email=acunetix'"&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KODNLOIBKLOFEFGDFEMDKELG; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=JyI%3D&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 114

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DACNLOIBFIMMIMCBPOBOIGCM; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 819 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...nchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLas tName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Parent WorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&em ail=%00'&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MMENLOIBMINOKBDONGJPPBBN; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 115

...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email='&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KMENLOIBEBGKHEOHMEPBOEHP; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...chProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLast Name=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentW orkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&ema il=%2527&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IMENLOIBGFMKJOEBPMAOMNOA; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 818 Acunetix Website Audit 116

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...unchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianL astName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Pare ntWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst& email=%2527&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EACNLOIBBKNFNJDMCGNOMDEN; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...edLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardi anLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&P arentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.t st&email=\"&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HACNLOIBKNBJDGEIJGMEABDF; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to ' . Acunetix Website Audit 117

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email='&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IACNLOIBHJMPAJJGHHOGMCKD; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNa me=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWor kPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email =acunetix'"&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 118

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JACNLOIBNCGFJFPPAMMJBDMJ; path=/ /formpage.asp Details The POST variable email has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 817 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...LunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email=%00'&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FACNLOIBCNBMEFOOPAPKDFCC; path=/ Cache-control: private /formpage.asp Details The POST variable email has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...edLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardi anLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&P arentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.t st&email=\'&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 119

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GACNLOIBEENLGMJECNMHCEHM; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933e mail@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1 933email@address.tst&email=sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction =\"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ODCNLOIBDIENJCJGNGGDLAEL; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 120

(line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormActi Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FECNLOIBOKPKILDBCBJADABH; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction =\'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EECNLOIBGFJPJFMPPBGNNALI; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 121

Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormActio Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HECNLOIBLCDODPPCKIDANPPL; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLear ningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=JyI %3D&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GECNLOIBMNCPKIEDJLKHEFIC; path=/ Cache-control: private

Acunetix Website Audit

122

/formpage.asp Details The POST variable FormAction has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address. tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=acuneti x'"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DECNLOIBLAMHGLPLPOKHOBOF; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=JyI %3D&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 123

Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AECNLOIBLBNJGOELOLJLFJND; path=/ /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormActio n='&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:39 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PDCNLOIBHNDLKIFNOFLFILFL; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare Acunetix Website Audit 124

ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@a ddress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CECNLOIBAHCFKIJAEGKMJKCG; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=%2 527&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BECNLOIBOAIGOHICBGNMJADG; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 125

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=Jy Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FBENLOIBBAHHBADGEALOEPDE; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933ema il@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-193 3email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormActio n='&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BBENLOIBOOPHDFCIDGKFEPHK; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %2527 . Request Acunetix Website Audit 126

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933ema il@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLe arningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=%2 527&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DBENLOIBDMHBJOFKCDMBHFOK; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormActio n='&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 127

Set-Cookie: ASPSESSIONIDCCSSQBCR=PPENLOIBDGLMJHFIAMKGKBPH; path=/ /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addre ss.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=% 00'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AAFNLOIBMFCAFIKNDFCNOICD; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst &email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=acuneti x'"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 128

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CAFNLOIBNHNIIHDJJHOENGLB; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction =\"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BAFNLOIBPMJNAJAELCHOCEBC; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 129

...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearnin gasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=acunet Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PAENLOIBBEJDOMMAIKDMHECP; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction =\"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EBENLOIBDEJPHNBPBBENBPCE; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Acunetix Website Audit 130

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addres s.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=% Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OPENLOIBMFLDMOOJBHGFMMMG; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction =\'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MAENLOIBEJNPODGOPKLCGFIM; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Acunetix Website Audit 131

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933e mail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction =\"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NAENLOIBHGAMHLHJLBJBLAFA; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction =\'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 132

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CBENLOIBIIJMCKBFOCIHHFJP; path=/ /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLear ningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=JyI %3D&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ABENLOIBJLMCDOEGLKGJPNIP; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933em ail@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=% 00'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 133

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:03 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OAENLOIBFDINJJDJCDGDHNID; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction =\"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NCDNLOIBKDGJKEGAAFELFCKG; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 134

(line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933 email@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePoin tLearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormActi Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OCDNLOIBKLJODAHBDKBFNHNF; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearnin gasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=acuneti x'"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PCDNLOIBALMAGNPEPDPAOGEE; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 135

Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLea rningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=Jy Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MCDNLOIBNEBPIPHHPFAOPEDF; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email @address.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePoin tLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction =\'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ICDNLOIBNFAFLIIEGPGDLGMJ; path=/ Cache-control: private

Acunetix Website Audit

136

/formpage.asp Details The POST variable FormAction has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@ad dress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLe arningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=%2 527&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KCDNLOIBAAMAMAFGJAOPADFJ; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@a ddress.tst&email=sample%40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=% 00'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 137

Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LCDNLOIBCKHGMJABOCADJDAD; path=/ /formpage.asp Details The POST variable FormAction has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933emai l@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLea rningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=%2 527&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ADDNLOIBHNNNCEBCDIIBLJOC; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG Acunetix Website Audit 138

uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction= Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:16 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GAFNLOIBIDPEPCFPKDJHFGKA; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address .tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLear ningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=JyI %3D&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EAFNLOIBGJNLAABICDIOGPPM; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 139

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoint LearningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormActio Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DAFNLOIBCPCOBNMANEMFMLJF; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@addr ess.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointL earningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormAction=% 00'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:16 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JAFNLOIBACBBDGHIMDFMLOIJ; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to acunetix'" . Request Acunetix Website Audit 140

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@add ress.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearning asmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=acuneti x'"&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:52 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DDDNLOIBADFJHCLENFHFOPNH; path=/ Cache-control: private /formpage.asp Details The POST variable FormAction has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933ema il@address.tst&email=sample%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLe arningasmySESProvider=Yes&ElectronicSignature=111-222-1933email@address.tst&FormAction=% 00'&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:52 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 141

Set-Cookie: ASPSESSIONIDCCSSQBCR=BDDNLOIBAMAJOPEOBMNBDEAM; path=/ /formpage.asp Details The POST variable FormAction has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@a ddress.tst&email=sample%40email%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePoi ntLearningasmySESProvider=No&ElectronicSignature=111-222-1933email@address.tst&FormActio n='&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:16 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FAFNLOIBJNNOLDJONHEPEBAK; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No& ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.t st&FormID=\'&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 142

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MNENLOIBKNKABIEOGJDPCLCB; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID='&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NNENLOIBKCBLMJDFFKFLPEAF; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 143

...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No&Electron icSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst&Form Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PNENLOIBEDGHIGAMIMLOAPGP; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No&El ectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst &FormID=%00'&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ONENLOIBKLADJGGCGHLKDMHD; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Acunetix Website Audit 144

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...m=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No&Ele ctronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LNENLOIBEIMLBDNONDOIKIPB; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No& ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.t st&FormID=\"&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FCCNLOIBKDLHOLPOCDFJJEKF; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to %00' . Acunetix Website Audit 145

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ntGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933 email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2221933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email %2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No&El ectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst &FormID=%00'&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ECCNLOIBIIJLPCIDIJHGHFOH; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 844 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933email@ address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-1933em ail@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2Etst &how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No&Electron icSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst&FormI D=acunetix'"&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 146

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DCCNLOIBIHLFFPGEGLBBGPBO; path=/ /formpage.asp Details The POST variable FormID has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111 -222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone =111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sampl e%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes&Ele ctronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst& FormID=%2527&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JCCNLOIBCMGKOIIEBKLKPGCM; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID='&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 147

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ICCNLOIBNPLKMGGOLBMBAABP; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No& ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.t st&FormID=\'&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GCCNLOIBPLFDLIPLNNNJJKCK; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 148

(line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CCCNLOIBAECGCHPAIPGMFEEH; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes&Electron icSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst&FormI D=acunetix'"&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CNENLOIBEIHBGHLNBIPDFKAJ; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 149

Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...m=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes&El ectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.ts Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FNENLOIBKHOLEKLLMKCPEGJI; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes& ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.t st&FormID=\"&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JNENLOIBIGCODGBHFCBNKKKM; path=/ Cache-control: private

Acunetix Website Audit

150

/formpage.asp Details The POST variable FormID has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...tGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933e mail@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-1 933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email% 2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No&Ele ctronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.tst& FormID=%2527&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PBCNLOIBDPHKIFOHIIKEKLKN; path=/ Cache-control: private /formpage.asp Details The POST variable FormID has been set to JyI%3D . Request GET /Index.asp HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG;ASPSESSIONIDCCSSQBCR=HCCNLOIBFLNKLFBIACPKL OOO Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:02 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 341 Content-Type: text/html Cache-control: private

Acunetix Website Audit

151

/formpage.asp Details The POST variable FormID has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes& ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address.t st&FormID=\'&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ENENLOIBPJOBEGILFOHFJFCO; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 152

Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MMBNLOIBJHCLOPFEBGEFCLJO; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LMBNLOIBBJOJDLOFONBCLNFN; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 Acunetix Website Audit 153

2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NMBNLOIBMIKMBIGGGKHBJMHF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DNBNLOIBAHOAJDGLGFPHKAMP; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 154

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OMBNLOIBICPKFLIKDCJBBPMJ; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=JyI%3D&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HMBNLOIBEDAKPDCMGPGCIGJM; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request Acunetix Website Audit 155

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=\"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GMBNLOIBEGDLACNMGACJJDMH; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 156

Set-Cookie: ASPSESSIONIDCCSSQBCR=IMBNLOIBKHBJNHIGKJPJDIKF; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 840 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KMBNLOIBNFJMCBACNGMLFENN; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 157

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JMBNLOIBNGHHLKBFCGOADKLF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DJENLOIBAJEAJDKANEPDCEDI; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 158

...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CJENLOIBGPPHCJBPHDJHHNNF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FJENLOIBDIAFPDMNIOJPEBJC; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Acunetix Website Audit 159

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JJENLOIBCHHPHGGFGLOEBECC; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GJENLOIBKAIPNKOLGECDDEIL; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Acunetix Website Audit 160

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PIENLOIBLIPFEKJFBDDKAHPN; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 161

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NIENLOIBHJPKKMHAEHKDLEPL; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 840 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AJENLOIBPOCCKMEKNGLBODJP; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 162

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EJENLOIBEFDADBAINJJKICEF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BJENLOIBHPGBCFGECPJLNCIB; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 163

(line truncated) ...ogram=\'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IIFNLOIBMCGAIKDIAEOBKDMG; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram='&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GIFNLOIBAIMIKMANFHFDKJHA; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 164

Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=%00'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LIFNLOIBFJCOGGNDNJMMJOHP; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...unetix'"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MIFNLOIBEHJKOCDANIIPOHOP; path=/ Cache-control: private

Acunetix Website Audit

165

/formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=\"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KIFNLOIBCBEBKKCMEOIDHPCN; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 166

Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AIFNLOIBCFJAINAFAIFAJDGP; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NHFNLOIBBDBPNPIIODMKGHMK; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222Acunetix Website Audit 167

1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DIFNLOIBLOCCAJCLLKNKHEKI; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FIFNLOIBOGFPOJPNNLNGKICG; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 168

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=%2527&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EIFNLOIBBAACNMHPHCGGCJDF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram='&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PLCNLOIBCLGCNAKNNPIPPKEI; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request Acunetix Website Audit 169

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...D&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NLCNLOIBCHGNGLAGGPIHEGMP; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=%00'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 170

Set-Cookie: ASPSESSIONIDCCSSQBCR=BMCNLOIBIOCEMGCJIJKIKFGH; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...tix'"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FMCNLOIBMCONFIDEHHBOIHKD; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...%2527&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 171

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CMCNLOIBABPBACMLHAMFONGD; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JLCNLOIBOFANLFPLLINBOBPF; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 172

...7&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ILCNLOIBIKPLNMCNOJIPDIIE; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ..."&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LLCNLOIBMNGFGCNOCCMNNFFD; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Acunetix Website Audit 173

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ..."&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OLCNLOIBDGGKICBJMMMPHCIC; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MLCNLOIBGOMOPGNFNHMANHIG; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to acunetix'" . Acunetix Website Audit 174

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...etix'"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MKDNLOIBGDCDEAEEEOFIAAAH; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...yI%3D&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 175

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JKDNLOIBNHAIKKGHCCANECOG; path=/ /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...JyI%3D&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OKDNLOIBDNBGMMLJGBALJNFN; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=\"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 176

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ALDNLOIBNKJPKGOJMMGHNKNG; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=\'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NKDNLOIBOBLHDHBKOBJOPGJI; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 177

(line truncated) ...m=%00'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FKDNLOIBJNINMLHMFJEMIICB; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=\'&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CKDNLOIBMLIAIPMKMNIPPINI; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 178

Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram='&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GKDNLOIBCKMFHAIAGOOJMFGE; path=/ Cache-control: private /formpage.asp Details The POST variable FreeReducedLunchProgram has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=%2527&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LKDNLOIBJPJAHINFILBLNEKE; path=/ Cache-control: private

Acunetix Website Audit

179

/formpage.asp Details The POST variable FreeReducedLunchProgram has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=\"&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IKDNLOIBLHPBLIIDIHDMMDFL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 180

Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IJDNLOIBKOCFDGBMBMPEBNBG; path=/ /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JHFNLOIBOINGBENNNEAMACBK; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= Acunetix Website Audit 181

111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JJDNLOIBDLCFCCAHDNGNNNJL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MJDNLOIBCKFMEIIADDCKJJJK; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 182

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KJDNLOIBDJOBIJIICACKLKDB; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FJDNLOIBCEGMJEFLAMJLCEJM; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request Acunetix Website Audit 183

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EJDNLOIBAIIFPCMEMABAGDOP; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 184

Set-Cookie: ASPSESSIONIDCCSSQBCR=FHFNLOIBJOLOFPIOMCLJBBLC; path=/ /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HJDNLOIBFNNHOEIJOMFJIDJA; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 185

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GJDNLOIBPIDJMFBLMCDOHKOH; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 837 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FLBNLOIBLIELPHLGPMLEAMGK; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 842 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 186

...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GLBNLOIBNEMOKKHOMPKCIOHN; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ELBNLOIBFCNBCOHEHKEFBJIL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Acunetix Website Audit 187

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:32 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ALBNLOIBODPCMENLIOADOKLE; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:32 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DLBNLOIBKDJCMAFOMFDEIAAH; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Acunetix Website Audit 188

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KLBNLOIBKAKEPPDGPALIPCDP; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 189

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MLBNLOIBILNMAMMNPAILCNPN; path=/ /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ILBNLOIBBBONJLFMLOCLOGIC; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 190

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HLBNLOIBFIFCJEKFDBKNPFCO; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:33 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JLBNLOIBONOIKNKBAGHOHPKD; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 191

(line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LKCNLOIBFBELCENNHAOCNEBO; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KKCNLOIBLHBAOIDMLMHBHALB; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 192

Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MKCNLOIBBIECPFHLOBMPEKLL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PKCNLOIBNKIGKMMNJKMHENOC; path=/ Cache-control: private

Acunetix Website Audit

193

/formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OKCNLOIBHCFCDBAFHLJCHLII; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 194

Connection: close Date: Thu, 21 Jun 2012 17:31:44 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FKCNLOIBGBACLINLNKIDBAOD; path=/ /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:44 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EKCNLOIBDMODHCDJAIOPFCBN; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 841 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 Acunetix Website Audit 195

22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HKCNLOIBMPFCHFIHNAHJPNCJ; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 837 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JKCNLOIBKMHBPNDDNPPJFBDF; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 196

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IKCNLOIBPALAOJNNJIMCKAHN; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DHFNLOIBDCIDGAHHBGFDNCCI; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request Acunetix Website Audit 197

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BHFNLOIBFPFPDHLCJPMOMLDD; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 198

Set-Cookie: ASPSESSIONIDCCSSQBCR=CHFNLOIBKHAGKIJBGCKIKALF; path=/ /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CJDNLOIBGJJEPHPCDCHAFFJC; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 199

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:57 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BJDNLOIBJGOBLBMBPBALECDJ; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NGFNLOIBLKBNAFHBPBDALGEJ; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 843 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 200

...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KGFNLOIBFKGJCAAJPFEMODEB; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OGFNLOIBGIOKCMLDDLOPOFDK; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Acunetix Website Audit 201

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AHFNLOIBOOLLAIOEEGGJKDCJ; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:21 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PGFNLOIBGOKLFFGDNGMFLEBJ; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Acunetix Website Audit 202

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LHENLOIBNGKNEOHGCIFHMJJL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 203

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BIENLOIBOBIIINPEOGBJLEGB; path=/ /formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IHENLOIBALJHKDMADGIEJCIF; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 840 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 204

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JHENLOIBFODHFOOINMFFLCGI; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 844 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KHENLOIBAJKAMKGBJNJDDGGL; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 837 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 205

(line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CIENLOIBMBEFLIMOKBFHNEEO; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AIENLOIBFFHEPCONHMEBOALF; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 206

Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MHENLOIBLFKHHKFPEKAFHIBI; path=/ Cache-control: private /formpage.asp Details The POST variable GradeLevel has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OHENLOIBNGDJELKOAMHHEIKP; path=/ Cache-control: private

Acunetix Website Audit

207

/formpage.asp Details The POST variable GradeLevel has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FIENLOIBFJNDMGKEPGEPICAP; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...entGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-193 3email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222 -1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40emai l%2Etst&how=JyI%3D&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 208

Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JOENLOIBBMIGGLMEBOFKCJJK; path=/ /formpage.asp Details The POST variable how has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=\"&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BPDNLOIBFBDIEMPFEEEKJGFC; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 820 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastN Acunetix Website Audit 209

ame=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWo rkPhone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&emai l=sample%40email%2Etst&how='&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PODNLOIBOCFOPIFLFHLPLPLA; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=\'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EOENLOIBFHDJCNHJOABPGGGJ; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 210

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=%00'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HOENLOIBKHJLGDBJHDKGAMEF; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 828 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...es&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how='&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KOENLOIBJKELLKOLFMIOHLDK; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \' . Request Acunetix Website Audit 211

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=\'&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DPDNLOIBMLFANBBAOMOKMLPC; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...m=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=JyI%3D&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:02 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 212

Set-Cookie: ASPSESSIONIDCCSSQBCR=GPDNLOIBFJJMJDAACCIKIOMI; path=/ /formpage.asp Details The POST variable how has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=\"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MOENLOIBBEMEJDBCKEKNGONK; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=acunetix'"&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 213

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FPDNLOIBGMHGIMEEEBPAEDKF; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=%2527&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EPDNLOIBPPNLAAJGDKLKHHLJ; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 214

...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=%2527&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LOENLOIBEOLBJJMBCGHIPDPO; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=%2527&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AOENLOIBBEFHCHOPIKIIPKLF; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 824 Acunetix Website Audit 215

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=%00'&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JADNLOIBDLNKHJLNBDIMDAGO; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=JyI%3D&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IADNLOIBKEJHCDLMALHOIKEA; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to acunetix'" . Acunetix Website Audit 216

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 830 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=acunetix'"&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OADNLOIBMKNDHIHOMOIAFFKG; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 840 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...uardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933ema il@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-193 3email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2E tst&how=acunetix'"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 217

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NACNLOIBCLDPCHCBJPHINENL; path=/ /formpage.asp Details The POST variable how has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rogram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=\"&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PACNLOIBJDMLNOJKGICFPBJM; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=\'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 218

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EADNLOIBMBDFOPKPHGNAGKCP; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=%2527&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DADNLOIBDBNFJEEEENEEEDDP; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 219

(line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=\"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FADNLOIBHDNBNLNAGBGNEAJI; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 821 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ogram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how='&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HADNLOIBIPKGLCAJBIODAFHA; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 220

Host: www.advantagepoint.org Content-Length: 825 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...m=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=%2527&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GADNLOIBAAEGDHFKANMILAAH; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 833 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2221933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40e mail%2Etst&how=%00'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AADNLOIBCGFINIABFFBDCKGG; path=/ Cache-control: private

Acunetix Website Audit

221

/formpage.asp Details The POST variable how has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=\"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LACNLOIBMGIDDDLEJLKNONEO; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 827 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...am=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=JyI%3D&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 222

Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MACNLOIBBANBAEGBNABOKDAJ; path=/ /formpage.asp Details The POST variable how has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 838 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...uardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933ema il@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-193 3email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2E tst&how=acunetix'"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BOENLOIBBOJILDLBDEDAJNNL; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 829 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...s&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-2 Acunetix Website Audit 223

22-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how='&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=COENLOIBEEFNOCPBODKHKHAB; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=%00'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DOENLOIBAJGELFCDHBJKCPPL; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 839 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 224

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...GuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1933em ail@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222-19 33email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40email%2 Etst&how=acunetix'"&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BADNLOIBAMDNKBPBIBMCLCCL; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 832 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=\'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OACNLOIBIHIJMAOGKBCAHAHL; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to ' . Request Acunetix Website Audit 225

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 831 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...o&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how='&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BBCNLOIBHFICGLBOIDDFNCLF; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 834 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...arentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=%00'&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 226

Set-Cookie: ASPSESSIONIDCCSSQBCR=DBCNLOIBJENFEBHMMBCDCKDH; path=/ /formpage.asp Details The POST variable how has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 835 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...rentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=%2527&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CBCNLOIBPMJNGJFBEIBINNED; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 826 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111 -222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone =111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sampl e%40email%2Etst&how=JyI%3D&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 227

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CPDNLOIBOCIIDEEBGFDLNFKP; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 822 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...gram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=\'&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OODNLOIBNMCEOJFJNHKLEMGK; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 836 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 228

...entGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName=111-222-193 3email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-222 -1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40emai l%2Etst&how=JyI%3D&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EBCNLOIBLMDHDEOHBCPHOKHM; path=/ Cache-control: private /formpage.asp Details The POST variable how has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 823 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardianLastName= 111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=%00'&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=APDNLOIBMKJOFKDDEKINLKEC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Acunetix Website Audit 229

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=acunetix'"&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PNDNLOIBNCEGHNJECFDHHEAM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EPCNLOIBEBGBCAKJLBHGAOKJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to acunetix'" . Acunetix Website Audit 230

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=acunetix'"&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OPBNLOIBNIFGLFAENMMJJMAE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 231

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FPCNLOIBOMEIDHIDLAACPCID; path=/ /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DPCNLOIBNIGBCKONPKKHKKIK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=acunetix'"&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 232

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=APCNLOIBHCBFMFCDHKKAOLIC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CMENLOIBMPECOJFLFNKGGENO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 233

(line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BPCNLOIBKCMMMILKBMIPJAGN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BMENLOIBMHJHGHOAFKEJNBPC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 234

Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CPCNLOIBAHFBIFKDEIDHJOCE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=acunetix'"&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HPCNLOIBDICKELICOPIFOHHL; path=/ Cache-control: private

Acunetix Website Audit

235

/formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AACNLOIBLBBALLLFFMEKDIPH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 236

Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MLENLOIBKBJLBECKGICHCEFH; path=/ /formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BACNLOIBANFLIDFMCJGMFMKD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t Acunetix Website Audit 237

st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HNDNLOIBACIBGNBKCBJGHKLF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\'&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=INDNLOIBCNBJFBOBMDBFBPFB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 238

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NNDNLOIBALAGMCKMHPCBGMKO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ONDNLOIBBJHCNDLFEPOODNNB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request Acunetix Website Audit 239

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PPBNLOIBEENONCHEJCCOBCJB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 240

Set-Cookie: ASPSESSIONIDCCSSQBCR=LNDNLOIBDLEHHEIDOHFNFBPP; path=/ /formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933ema il@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MNDNLOIBDGHJAECBOJELKDEM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=111-222-1933email@address.tst&ParentCellPhone=acunetix'"&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 241

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DMENLOIBMKNKJCIKBHFKJOIC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933e mail@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JPBNLOIBLCFGGBEDLNJGENNK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 242

...reeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NOCNLOIBFECBDFAAMPBJDJJK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MPBNLOIBBHEDHALHDLAAAKDN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Acunetix Website Audit 243

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IPBNLOIBNGBBEFDBFMKFGCNJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\'&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BODNLOIBMKMADLNOMOMDJMGH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Acunetix Website Audit 244

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OOCNLOIBNKPFKMKAHHEOHDDE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\'&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 245

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=POCNLOIBPLNEMKGNHFPFDEPF; path=/ /formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FODNLOIBNJEHPBABPHGEJFNA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 246

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DODNLOIBPGDADGFOLAFGNOMO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=JyI%3D&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GMENLOIBNEACHEJFIJMCJPEG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 247

(line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JMENLOIBKPADEECDOFFBLKEI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LMENLOIBFNCOFNABNKEABCCO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 248

Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\"&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EMENLOIBPFJHFLLJOHGNOEFG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\'&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FMENLOIBFPBOMOBLONHKEOBC; path=/ Cache-control: private

Acunetix Website Audit

249

/formpage.asp Details The POST variable ParentCellPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone='&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HMENLOIBPPPLGPLKFHAKLGAN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%00'&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 250

Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NPBNLOIBHJDKGDFIPKPEDHEO; path=/ /formpage.asp Details The POST variable ParentCellPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=\'&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LPBNLOIBEFMINBJCECNCCHHO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentCellPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren Acunetix Website Audit 251

tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=111-222-1933email@address.tst&ParentCellPhone=%2527&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KPBNLOIBGIIBDMHLGKENDOHB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=%00'&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LMCNLOIBEFNOMJDOLJCLELDP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 252

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OMCNLOIBCNFHACIIBAOBAIHK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=\"&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IMCNLOIBELLPMHOJPMEPIFJA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request Acunetix Website Audit 253

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName='&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JMCNLOIBFBMOKLHEHJGJCIFN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=%2527&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 254

Set-Cookie: ASPSESSIONIDCCSSQBCR=MMCNLOIBLMMMDJGDJMPMFGFP; path=/ /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KMCNLOIBOPCKAMJLDMGOGJCC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=%2527&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 255

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HMCNLOIBIKILPHMDMPGKDNIK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=\'&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EMCNLOIBBIGIIEBPCLFGPJNF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 796 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 256

...t=Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName='&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CJFNLOIBMHIAABPFOPGNLMKH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BJFNLOIBKGNOEBHLJLMCOHFK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Acunetix Website Audit 257

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=Yes&ParentGuardianFirstName=%00'&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GMCNLOIBAFDKNDKNPDHPKKLL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=%00'&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AJFNLOIBNHAFPPLPKMNCFPJN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Acunetix Website Audit 258

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DMCNLOIBFIGINFPDANMBCPOC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=%2527&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 259

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BKENLOIBJNDPLJLPMCPODFMO; path=/ /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JLDNLOIBCJLPJBMGMNHFMJCA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=\"&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 260

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MLDNLOIBOCMBGCHNPOENJPBD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=\'&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KLDNLOIBCBNIIEBPNAKIDMLL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 261

(line truncated) ...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DLDNLOIBNOAPOOJPGFHAOOLA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=%00'&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ELDNLOIBPACOBCAIDDIPKCKI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 262

Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GLDNLOIBPKKCDJNKNKGFKAEE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName='&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FLDNLOIBAFHDCOAEDKBGFNFI; path=/ Cache-control: private

Acunetix Website Audit

263

/formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=%2527&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IJENLOIBLOIFNBINFLBNJMPA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 264

Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NJENLOIBCHANPDOILMGDJNPM; path=/ /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OJENLOIBDNEKCBBKACBKMNDO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=\"&ParentGuardianLastName=111-222-1 Acunetix Website Audit 265

933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LJENLOIBMKDCJPNKNLEEOOKJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=\'&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MJENLOIBMPKAJFDABEMPCOIF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 266

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=%00'&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KJENLOIBHMJBDBKKIBAPMBHF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName='&ParentGuardianLastName=111-222-19 33email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HJENLOIBOOEGEFFGOFGEDOEK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request Acunetix Website Audit 267

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName='&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PJENLOIBCLFMDMFALLNBEEDC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=%00'&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 268

Set-Cookie: ASPSESSIONIDCCSSQBCR=AKENLOIBEHMBFIDLCGLMDIAB; path=/ /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=%2527&ParentGuardianLastName=1 11-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CLDNLOIBLJELKJLFFOICKGKB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=JyI%3D&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 269

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HNBNLOIBPIKFNDGFGFKCLKBI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=\'&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GNBNLOIBCCHCLNMELGIONHPK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 270

...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName='&ParentGuardianLastName=111-22 2-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NNBNLOIBMCGBEHALMGECAGLL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=\"&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LNBNLOIBEIJFGONHEOCKOIHL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Acunetix Website Audit 271

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FNBNLOIBLOPCEEMLEGICGDHK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName='&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ANBNLOIBEHAMDEIINNCMHIHD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Acunetix Website Audit 272

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=%2527&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CNBNLOIBFDCOENADMCADMGIF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=%00'&ParentGuardianLastName=111-222 -1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 273

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ENBNLOIBNJONMPGNJKBPIDIF; path=/ /formpage.asp Details The POST variable ParentGuardianFirstName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=JyI%3D&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PMBNLOIBMNIMGGCIOLEIJAEC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 815 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...edLunchProgram=No&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 274

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HIFNLOIBAMDPEACNECKKENBD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=\'&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JIFNLOIBGOIHBOFCKNJOABAF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 275

(line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=\"&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BLDNLOIBDHAOBOKNDLJLAIOA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=\'&ParentGuardianLastName=11 1-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:58 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PKDNLOIBBPLNILHMAGJIHFIE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 276

Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=\"&ParentGuardianLastName=111-222-1 933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NIFNLOIBCDEGDJPLICKPJMBD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=No&ParentGuardianFirstName=acunetix'"&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PIFNLOIBGHCDHONIGNNJAAJD; path=/ Cache-control: private

Acunetix Website Audit

277

/formpage.asp Details The POST variable ParentGuardianFirstName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=\"&ParentGuardianLastNam e=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BNBNLOIBIFFLCHPONNCHEDKP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianFirstName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=%2527&ParentGuardianLastName =111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&ParentWorkP hone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=s ample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 278

Connection: close Date: Thu, 21 Jun 2012 17:32:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OIFNLOIBPPDHNEPICFJLBPIO; path=/ /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PMCNLOIBPBGFAKFIMAFGJLLE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare Acunetix Website Audit 279

ntGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DKENLOIBDNHOJKNPEHCNGMHM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JKENLOIBEECGNEIDCNBCEEJH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 280

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IKENLOIBCMEMPPJECHIENEPJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LKENLOIBDGKDIHAEBMFIICJE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request Acunetix Website Audit 281

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KKENLOIBKDDHKDCEAPOFDMHP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 282

Set-Cookie: ASPSESSIONIDCCSSQBCR=FKENLOIBFMFCLCBIGJHEMBBD; path=/ /formpage.asp Details The POST variable ParentGuardianLastName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=acunetix'"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EKENLOIBGADAOBPMNNOBEDIP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 283

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HKENLOIBIMHNEDLGHFGKEIEF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=\'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GKENLOIBGFPKAGNDNPAMCDGO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 284

...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NLDNLOIBCPEEKEINFFJDFJJN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=\'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LLDNLOIBOLCMIBCNGDIOLCPL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Acunetix Website Audit 285

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BOBNLOIBDIGMLIDJNMEPIKFO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OLDNLOIBOGLAHNPNDGLEHMPO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Acunetix Website Audit 286

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HOBNLOIBPEBNICCBLMCPDKNH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 287

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GOBNLOIBGCHKKAOGLANOEHEC; path=/ /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PLDNLOIBGPHJAMGMPOHGJKBK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=\'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 288

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AOBNLOIBIOGHNDOPDIGPDLAA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JNBNLOIBJJAEKDJJPEKLHBJB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 289

(line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=INBNLOIBHBEPJLBEECACEKFH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ILDNLOIBGDALJEFGPGIKJABF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 290

Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KNBNLOIBIEBCPKMCGJKGDPEG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ONBNLOIBDMIGECFCBICBJDPF; path=/ Cache-control: private

Acunetix Website Audit

291

/formpage.asp Details The POST variable ParentGuardianLastName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=acunetix'"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PNBNLOIBHEFBCLACDAMCKDOJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 292

Connection: close Date: Thu, 21 Jun 2012 17:31:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MNBNLOIBAPDGPLMEEJAIOAMF; path=/ /formpage.asp Details The POST variable ParentGuardianLastName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=acunetix'"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ENCNLOIBGNAGAEPIJCBJOPMJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. Acunetix Website Audit 293

tst&ParentGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Ye s&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FNCNLOIBIKNEFPLHMGOBNKDD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GNCNLOIBGFNHEEKECLPGODEA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 294

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DNCNLOIBLFHNKDBEONLBEHIJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ANCNLOIBNDCGKEGJOJIJKDMP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \' . Request Acunetix Website Audit 295

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=\'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BNCNLOIBBJBIHJLKBPIBEHKP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 296

Set-Cookie: ASPSESSIONIDCCSSQBCR=CNCNLOIBIAHPBDPJHJKLCINC; path=/ /formpage.asp Details The POST variable ParentGuardianLastName has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=%00'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HNCNLOIBEBFOMABNFCPBOKAA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=\"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 297

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DMDNLOIBADCOKAMGLMICIKHN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=acunetix'"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BMDNLOIBIICCPKIGMMLMHOGP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 298

...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName='&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AMDNLOIBBOEOPJKHLHFHEOJA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=\'&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CMDNLOIBOKHDOBCDILIINGHN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Acunetix Website Audit 299

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=acunetix'"&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=INCNLOIBLEPMKAGIACAEIDDC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=%2527&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CKENLOIBFCAMIGCODCGGIPDK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentGuardianLastName has been set to JyI%3D . Acunetix Website Audit 300

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=JyI%3D&ParentHomePhone=111-222-1933email@address.tst&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HMDNLOIBNODKNLFBINIBLAEM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\'&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 301

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KOBNLOIBONMIFCPMCFKCCBJM; path=/ /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IOBNLOIBHPLBCCIDOJBCFBEK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 302

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LOBNLOIBBJOOLAGDDGFCCLIC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NOBNLOIBJHNGABDLJPEDFCLB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 303

(line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MOBNLOIBPDCKIHHDMOLDKENO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWork Phone=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DOBNLOIBGEPFGJGKGODAGLFC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 304

Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=COBNLOIBHGBLALJONBINOBPC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EOBNLOIBHDEBJJDFAIBDPFCC; path=/ Cache-control: private

Acunetix Website Audit

305

/formpage.asp Details The POST variable ParentHomePhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=acunetix'"&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JOBNLOIBGLKFAPPKDJGKNBHL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPhone=111 -222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 306

Connection: close Date: Thu, 21 Jun 2012 17:31:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FOBNLOIBHNNPOAMDOHHLHKJO; path=/ /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PNCNLOIBFEFOMACFBOPCGAEI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren Acunetix Website Audit 307

tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWorkPhone=1 11-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample% 40email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ONCNLOIBJNCBKCLNFDJPEMIA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AOCNLOIBAACAICCDCMNNLCID; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 308

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=acunetix'"&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=COCNLOIBIPJNDDOKHGKFEJNP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BOCNLOIBGEEHEKENMKGGEJHB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to acunetix'" . Request Acunetix Website Audit 309

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 813 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ucedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=acunetix'"&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KNCNLOIBNCKNCIGPNHCPMONH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 310

Set-Cookie: ASPSESSIONIDCCSSQBCR=JNCNLOIBFOFIMCMCJKKLBGLD; path=/ /formpage.asp Details The POST variable ParentHomePhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\'&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MNCNLOIBHBNFJLBNHOAHAOFK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 311

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NNCNLOIBOAOBFANCKGMJIBFM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWorkPhone=11 1-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LNCNLOIBKDCHJKOKPBLHNJLK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 312

...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FMDNLOIBDBDFIODFJEMGEBPG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\'&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GMDNLOIBBANMBFLLIPAIAJNL; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Acunetix Website Audit 313

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWorkPhon e=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EMDNLOIBCHIPPJLCDBCPMPGB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FLENLOIBMCLOOHKIAOKAJEHD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Acunetix Website Audit 314

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HLENLOIBJMHOLCGADKNEHEDM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=acunetix'"&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 315

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=LMDNLOIBEDFKDBDJGDLFNEDD; path=/ /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MMDNLOIBGNNCIKHOLFAICBEO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 316

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KMDNLOIBHFCEKHIPFALKBKOG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JMDNLOIBIBAFDECPKJELLPGJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 317

(line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:59 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=IMDNLOIBILKNKMGKIGINDDFK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=acunetix'"&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PKENLOIBIIFHMGKOKOMMBHNM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 318

Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWorkPho ne=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OMDNLOIBOKDGLAMHKCPPMNDO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=%00'&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OKENLOIBHMOGHIAFCNOFGNJI; path=/ Cache-control: private

Acunetix Website Audit

319

/formpage.asp Details The POST variable ParentHomePhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=%2527&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NKENLOIBOPJGPEKGBJLHJPGB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 320

Connection: close Date: Thu, 21 Jun 2012 17:32:11 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MKENLOIBPFEPFOPEGEAMGFHH; path=/ /formpage.asp Details The POST variable ParentHomePhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\"&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CLENLOIBKFDNBDGFBAEEPJAG; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. Acunetix Website Audit 321

tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\'&ParentWorkPh one=111-222-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sa mple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NMDNLOIBNBIGAHPFLAMNMAHC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone='&ParentWorkPhone=111-2 22-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ELENLOIBDPJBEOAIPCKPNMGD; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 322

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=JyI%3D&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ALENLOIBPOEDFHCCEEKBIODO; path=/ Cache-control: private /formpage.asp Details The POST variable ParentHomePhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=\'&ParentWorkPhone=111-22 2-1933email@address.tst&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DLENLOIBFNIHBBHMAJOCDKHJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %2527 . Request Acunetix Website Audit 323

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=%2527&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=NLENLOIBEFABOENMHGLFEFIB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 324

Set-Cookie: ASPSESSIONIDCCSSQBCR=LLENLOIBGCHLDIBNGHMDAFBP; path=/ /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 812 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuar dianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst &ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PLENLOIBCCNFMMLJJBADAEMC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pare ntGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addre ss.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 325

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OLENLOIBKDIMMIBIEIOOKPLJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 816 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...dLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuardian LastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst&Par entWorkPhone=acunetix'"&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KLENLOIBIHHIBOGGECLMGOLC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 326

...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=acunetix'"&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=KNDNLOIBEHFDPEMCIKIDFIIF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=acunetix'"&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=MOCNLOIBIOIPDKMBLMOAOGML; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Acunetix Website Audit 327

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGu ardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.t st&ParentWorkPhone=%00'&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JLENLOIBMILMBKACGFEICCBN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=\'&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ILENLOIBHEGEOKKPPOGFJDCM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Acunetix Website Audit 328

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DNDNLOIBGIIEHFGIHKIOKGNM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Acunetix Website Audit 329

Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BNDNLOIBAOECKNLIEIJGHIHI; path=/ /formpage.asp Details The POST variable ParentWorkPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 802 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ing&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst& ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@a ddress.tst&ParentWorkPhone=%2527&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CNDNLOIBEDIIKPAHGCHIFAIF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 800 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.ts t&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email @address.tst&ParentWorkPhone=\'&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Acunetix Website Audit 330

Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=PMDNLOIBACKEFHMBJLHLBKAM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 798 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...Reading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address. tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933ema il@address.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ANDNLOIBGCKGPHINCJBAMOFA; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit 331

(line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=JNDNLOIBIBPJJNCKBKJMDKHP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=%00'&ParentCellPhone=111-222-1933email@address.tst&email=sample%40em ail%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=AMENLOIBMMCHGMGEIPCBBCKF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Acunetix Website Audit 332

Host: www.advantagepoint.org Content-Length: 803 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ng&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GNDNLOIBHDJOEFPGLKMINBBH; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %00' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst &ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ address.tst&ParentWorkPhone=%00'&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=ENDNLOIBBFDFMFMBIEILFGJA; path=/ Cache-control: private

Acunetix Website Audit

333

/formpage.asp Details The POST variable ParentWorkPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=\'&ParentCellPhone=111-222-1933email@address.tst&email=sam ple%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:00 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FNDNLOIBMKGHHFFMIDELICCP; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 797 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...=Reading&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@addres s.tst&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933e mail@address.tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email= sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Acunetix Website Audit 334

Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=POBNLOIBEKCCMHNCCEGPMANN; path=/ /formpage.asp Details The POST variable ParentWorkPhone has been set to \' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=\'&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=CPBNLOIBIIAPHCNKHJJJHCPF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 801 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ding&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.t Acunetix Website Audit 335

st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email =sample%40email%2Etst&how=TV&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=N o&ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@addres Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DPBNLOIBANIKKHMKLJDACLIF; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=%2527&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=DOCNLOIBNFLBDOHFKLDIBCFK; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Acunetix Website Audit 336

Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=%2527&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=OOBNLOIBGAONFDOLPOLOFNFM; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=APBNLOIBGJGNBMCGCCIGAHAI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to %00' . Request Acunetix Website Audit 337

POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 808 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone=%00'&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BPBNLOIBOLKLMKPLCFJCEIIJ; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 804 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...g&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&P arentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@ad dress.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Acunetix Website Audit 338

Set-Cookie: ASPSESSIONIDCCSSQBCR=HPBNLOIBMPICDNIEMJHLFDJK; path=/ /formpage.asp Details The POST variable ParentWorkPhone has been set to %2527 . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 811 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...educedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGua rdianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.ts t&ParentWorkPhone=%2527&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GLENLOIBCBMDEOGPEHFECHCN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 807 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...reeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.tst&Paren tGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addres s.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=sample%40ema il%2Etst&how=Flyer&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response Acunetix Website Audit 339

HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:32:12 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=BLENLOIBOMAAOCBDGAIOINAB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to acunetix'" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 814 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...cedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentGuard ianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address.tst& ParentWorkPhone=acunetix'"&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=EPBNLOIBHKBPPMECNGBFCILB; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 806 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) Acunetix Website Audit 340

...FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Par entGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@addr ess.tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=FPBNLOIBCKLDMLHFJHPMLBKE; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 810 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...ReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&ParentG uardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address. tst&ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email=sample%40 email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:36 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GPBNLOIBNMNDHNBEPMIFLFFN; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to ' . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 799 Acunetix Website Audit 341

Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eading&FreeReducedLunchProgram=No&ParentGuardianFirstName=111-222-1933email@address.t st&ParentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933emai l@address.tst&ParentWorkPhone='&ParentCellPhone=111-222-1933email@address.tst&email=samp le%40email%2Etst&how=Flyer&tvch=None&ApprovalofAdvantagePointLearningasmySESProvider=Yes &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=GOCNLOIBJBINCAPCBIKNNEHI; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to JyI%3D . Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 809 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...eReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Parent GuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@address .tst&ParentWorkPhone=JyI%3D&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2Fwww%2Eadvantagepoint%2Eorg%2F Response HTTP/1.1 500 Internal Server Error Connection: close Date: Thu, 21 Jun 2012 17:31:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 347 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCSSQBCR=HOCNLOIBJDBMAKKIGBDGIFLC; path=/ Cache-control: private /formpage.asp Details The POST variable ParentWorkPhone has been set to \" . Acunetix Website Audit 342

Request POST /formpage.asp HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: www.advantagepoint.org Content-Length: 805 Cookie: ASPSESSIONIDCARSSADR=PELICKDBCAEAPGEHMOEAOBAG Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm (line truncated) ...&FreeReducedLunchProgram=Yes&ParentGuardianFirstName=111-222-1933email@address.tst&Pa rentGuardianLastName=111-222-1933email@address.tst&ParentHomePhone=111-222-1933email@add ress.tst&ParentWorkPhone=\"&ParentCellPhone=111-222-1933email@address.tst&email=sample%4 0email%2Etst&how=TV&tvch=ABC%20Family&ApprovalofAdvantagePointLearningasmySESProvider=No &ElectronicSignature=111-222-1933email@address.tst&FormAction=111-222-1933email@address. tst&FormID=1&Referer=http%3A%2F%2F