Web Application Report




Security Report

This report was created by IBM Rational AppScan 7.8.0.0
2/11/2009 5:25:03 PM

Copyright IBM Corp. 2000, 2009. All Rights Reserved.

Report Information

Web Application Report
Scan Name: preventivo.navale.it

Scanned Host(s)
  Host: preventivo.navale.it, preventivo.navale.it:443
  Operating System: Win32
  Web Server: IIS, IIS6
  Application Server: ASP.NET

Content
This report contains the following sections:
  - Detailed Security Issues
  - Application Data
  - Application URLs

Detailed Security Issues

Vulnerable URL: http://preventivo.navale.it/
Total of 2 security issues in this URL

[1 of 2] Application Test Script Detected
  Severity: Informational
  Test Type: Application
  Vulnerable URL: http://preventivo.navale.it/
  Remediation Tasks: Remove test scripts from the server

  Variant 1 of 1 [ID=1393]
  The following changes were applied to the original request:
    Set path to '/test.aspx'

[2 of 2] Direct Access to Administration Pages
  Severity: Informational
  Test Type: Application
  Vulnerable URL: http://preventivo.navale.it/
  Remediation Tasks: Apply proper authorization to administration scripts

  Variant 1 of 1 [ID=1405]
  The following changes were applied to the original request:
    Set path to '/admin.aspx'

Vulnerable URL: https://preventivo.navale.it/
Total of 2 security issues in this URL

[1 of 2] Microsoft ASP.NET Debugging Enabled
  Severity: Low
  Test Type: Infrastructure
  Vulnerable URL: https://preventivo.navale.it/
  Remediation Tasks: Disable Debugging on Microsoft ASP.NET

  Variant 1 of 1 [ID=5953]
  The following changes were applied to the original request:
    Set path to '/appscan.aspx'
    Added HTTP header 'Command: stop-debug'
    Set method to 'DEBUG'

[2 of 2] Missing Secure Attribute in Encrypted Session (SSL) Cookie
  Severity: Low
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/ (Cookie = ASP.NET_SessionId)
  Remediation Tasks: Add the 'Secure' attribute to all sensitive cookies

  Variant 1 of 2 [ID=7901]
  The following may require user attention:

    GET /menu.aspx HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/

    HTTP/1.1 200 OK
    Set-Cookie: ASP.NET_SessionId=t02gcg55nhlruoaar2muyq45; path=/
    Set-Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55; path=/; expires=1970-01-01T01:00:00; domain=preventivo.navale.it
    Content-Length: 2030
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:23 GMT
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    [HTML response body omitted]


Vulnerable URL: https://preventivo.navale.it/emptybar.htm
Total of 1 security issues in this URL

[1 of 1] HTML Comments Sensitive Information Disclosure
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/emptybar.htm
  Remediation Tasks: Remove sensitive information from HTML comments

  Variant 1 of 1 [ID=7893]
  The following may require user attention:

    GET /emptybar.htm HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/

    HTTP/1.1 200 OK
    Content-Length: 1816
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:23 GMT
    Content-Type: text/html
    ETag: "f42fbc658222c71:4369"
    Server: Microsoft-IIS/6.0
    Cache-Control: no-cache
    Last-Modified: Mon, 18 Dec 2006 08:56:25 GMT
    Accept-Ranges: bytes
    X-Powered-By: ASP.NET

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <head>
    <meta http-equiv="content-language" content="it">
    <meta name="generator" content="microsoft FrontPage 5.0">
    <meta name="progid" content="frontpage.editor.document">
    <meta http-equiv="content-type" content="text/html; charset=windows-1252">
    <LINK rel="stylesheet" type="text/css" href="style1_ie.css">
    <title>quotazione</title>
    <script language="javascript">
    function newwindow(myurl) {
        window.open (myurl,null,'height=500,width=470,scrollbars=yes,resizable=yes');
    }
    </script>
    </head>
    <body bgcolor="#ffffff" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
    <table height="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1">
    <td width="10"><img src="img/spacer.gif" width="10" height="1" border="0">
    <td width="150" valign="top" bgcolor="#e5e5e5">
    <table width="150" border="0" cellspacing="0" cellpadding="0" ID="Table2">
    <tr height="1">
    <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt="">
    <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt="">
    <td width="136"><img src="img/spacer.gif" width="136" height="1" border="0" alt="">
    <!--
    <div><a class="helptext" href="restart.aspx?appid=6" target="framemain">agent Locator</a></div>
    <div><a class="helptext" href="restart.aspx?appid=2" target="framemain">registrazione</a></div>
    <div><a class="helptext" href="restart.aspx?appid=3" target="framemain">login</a></div>
    -->
    </body>
    </html>

Vulnerable URL: https://preventivo.navale.it/go.aspx
Total of 1 security issues in this URL

[1 of 1] Unencrypted VIEWSTATE Parameter
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/go.aspx (Parameter = VIEWSTATE)
  Remediation Tasks: Modify your Web.Config file to encrypt the VIEWSTATE parameter

  Variant 1 of 2 [ID=7352]
  The following may require user attention:

    POST /go.aspx HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Content-Length: 592
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Content-Type: application/x-www-form-urlencoded
    Referer: https://preventivo.navale.it/go.aspx

    VIEWSTATE=[value omitted]&buttonEntra=Entra

    HTTP/1.1 200 OK
    Content-Length: 9471
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:33 GMT
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    [HTML response body omitted]


Vulnerable URL: https://preventivo.navale.it/leftbar.htm
Total of 1 security issues in this URL

[1 of 1] HTML Comments Sensitive Information Disclosure
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/leftbar.htm
  Remediation Tasks: Remove sensitive information from HTML comments

  Variant 1 of 1 [ID=7894]
  The following may require user attention:

    GET /leftbar.htm HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/

    HTTP/1.1 200 OK
    Content-Length: 1760
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:23 GMT
    Content-Type: text/html
    ETag: "548e1b668222c71:4369"
    Server: Microsoft-IIS/6.0
    Cache-Control: no-cache
    Last-Modified: Mon, 18 Dec 2006 08:56:25 GMT
    Accept-Ranges: bytes
    X-Powered-By: ASP.NET

    <html>
    <head>
    <meta http-equiv="content-language" content="it">
    <meta name="generator" content="microsoft FrontPage 5.0">
    <meta name="progid" content="frontpage.editor.document">
    <meta http-equiv="content-type" content="text/html; charset=windows-1252">
    <LINK rel="stylesheet" type="text/css" href="style1_ie.css">
    <title>quotazione</title>
    <script language="javascript">
    function newwindow(myurl) {
        window.open (myurl,null,'height=500,width=470,scrollbars=yes,resizable=yes');
    }
    </script>
    </head>
    <body bgcolor="#ffffff" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
    <table height="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1">
    <td width="10"><img src="img/spacer.gif" width="10" height="1" border="0">
    <td width="150" valign="top" bgcolor="#e5e5e5">
    <table width="150" border="0" cellspacing="0" cellpadding="0" ID="Table2">
    <tr height="1">
    <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt="">
    <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt="">
    <td width="136"><img src="img/spacer.gif" width="136" height="1" border="0" alt="">
    <!--
    <div><a class="helptext" href="restart.aspx?

    -->
    </body>
    </html>

Vulnerable URL: https://preventivo.navale.it/menu.aspx
Total of 1 security issues in this URL

[1 of 1] Unencrypted VIEWSTATE Parameter
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/menu.aspx (Parameter = VIEWSTATE)
  Remediation Tasks: Modify your Web.Config file to encrypt the VIEWSTATE parameter

  Variant 1 of 1 [ID=6916]
  The following may require user attention:

    POST /menu.aspx HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Content-Length: 476
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Content-Type: application/x-www-form-urlencoded
    Referer: https://preventivo.navale.it/menu.aspx

    VIEWSTATE=[value omitted]&btnPreventivo=Entra

    HTTP/1.1 200 OK
    Content-Length: 2348
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:25 GMT
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    [HTML response body omitted]

Vulnerable URL: https://preventivo.navale.it/navigationwarning.aspx
Total of 1 security issues in this URL

[1 of 1] Unencrypted VIEWSTATE Parameter
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/navigationwarning.aspx (Parameter = VIEWSTATE)
  Remediation Tasks: Modify your Web.Config file to encrypt the VIEWSTATE parameter

  Variant 1 of 1 [ID=8369]
  The following may require user attention:

    POST /navigationwarning.aspx HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Content-Length: 81
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Content-Type: application/x-www-form-urlencoded
    Referer: https://preventivo.navale.it/navigationwarning.aspx

    VIEWSTATE=dDw5NjU1MTU1Ozs%2Bi3mQhMJY%2BTlbld4h97VeYewF6DQ%3D&btnContinue=Avanti

    HTTP/1.1 302 Found
    Content-Length: 125
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:41 GMT
    Location: /go.aspx
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    <html><head><title>object moved</title></head><body>
    <h2>object moved to <a href='/go.aspx'>here</a>.</h2>
    </body></html>

    GET /go.aspx HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/restart.aspx?appid=1

    HTTP/1.1 200 OK
    Content-Length: 4333
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:29 GMT
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    [HTML response body omitted]


Vulnerable URL: https://preventivo.navale.it/restart.aspx
Total of 1 security issues in this URL

[1 of 1] Query Parameter in SSL Request
  Severity: Informational
  Test Type: Application
  Vulnerable URL: https://preventivo.navale.it/restart.aspx (Parameter = AppID)
  Remediation Tasks: Always use the HTTP POST method when sending sensitive information

  Variant 1 of 1 [ID=7169]
  The following may require user attention:

    GET /restart.aspx?appid=1 HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/menu.aspx

    HTTP/1.1 302 Found
    Content-Length: 125
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:26 GMT
    Location: /Go.aspx
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    <html><head><title>object moved</title></head><body>
    <h2>object moved to <a href='/go.aspx'>here</a>.</h2>
    </body></html>

    GET /go.aspx HTTP/1.0
    Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Host: preventivo.navale.it
    Referer: https://preventivo.navale.it/restart.aspx?appid=1

    HTTP/1.1 200 OK
    Content-Length: 4333
    Connection: close
    Date: Tue, 16 Dec 2008 12:59:29 GMT
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private

    [HTML response body omitted]


<tr id="rowbuttons"> <td id="navigationbuttonscell" align="center" height="20" colspan="3"> &nbsp&nbsp&nbsp<input type="submit" name="buttonentra" value="entra" id="buttonentra" class="button" style="width:80px;" /> <tr id="rowfooter"> <td i...

Vulnerable URL: https://preventivo.navale.it/welcome.htm
Total of 1 security issues in this URL

[1 of 1] HTML Comments Sensitive Information Disclosure
Severity: Informational
Test Type: Application
Vulnerable URL: https://preventivo.navale.it/welcome.htm
Remediation Tasks: Remove sensitive information from HTML comments

Variant 1 of 5 [ID=7895]
The following may require user attention:

GET /welcome.htm HTTP/1.0
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: preventivo.navale.it
Referer: https://preventivo.navale.it/

HTTP/1.1 200 OK
Content-Length: 5810
Connection: close
Date: Tue, 16 Dec 2008 12:59:23 GMT
Content-Type: text/html
ETag: "885f4668222c71:4369"
Server: Microsoft-IIS/6.0
Cache-Control: no-cache
Last-Modified: Mon, 18 Dec 2006 08:56:27 GMT
Accept-Ranges: bytes
X-Powered-By: ASP.NET

<HTML> <HEAD> <TITLE>Winterthur - Canale Internet</TITLE> <LINK href="style1_ie.css" type="text/css" rel="stylesheet"> </HEAD> <BODY>

<table> <img src="img/picturehome.jpg"> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table3"> <td class="righthead1" height="16">scegli dal menu a destra. <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td colspan="2" width="100%" bgcolor="#000000" valign="top"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_blue.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=1">calcola il tuo preventivo</a--> <a>calcola il tuo preventivo</a> </span> <tr height="4"> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p><p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <td valign="top"><span class="centertext">per calcolare il preventivo RC auto in modo facile e veloce.</span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <!-- <p> <table width="100%" border="0" cellspacing="0" cellpadding="0"

<td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_orange.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=1">calcola il tuo preventivo</a--> <!-- <a>cliente convenzionato</a> </span> <tr height="4"> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p> <p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table10"> <td valign="top"><span class="centertext">sei un cliente convenzionato, calcola il tuo preventivo in modo semplice e veloce. </span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <p> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table4"> <td colspan="2" width="100%" bgcolor="#000000" valign="top"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_orange.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=2">calcola il tuo preventivo</a--> <!-- <a>registrazione</a> </span>

<td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p> <p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table5"> <td valign="top"><span class="centertext">il modo pi semplice per avere, sempre a portata di click, la lista dei tuoi preventivi e, nel caso tu sia gi nostro cliente, per usufruire di altri interessanti servizi.</span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <p> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table6">...

Vulnerable URL: https://preventivo.navale.it/htmlfiles/cosatiserve.htm
Total of 1 security issues in this URL

[1 of 1] HTML Comments Sensitive Information Disclosure
Severity: Informational
Test Type: Application
Vulnerable URL: https://preventivo.navale.it/htmlfiles/cosatiserve.htm
Remediation Tasks: Remove sensitive information from HTML comments

Variant 1 of 1 [ID=7900]
The following may require user attention:

GET /htmlfiles/cosatiserve.htm HTTP/1.0
Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: preventivo.navale.it
Referer: https://preventivo.navale.it/go.aspx

HTTP/1.1 200 OK
Content-Length: 3598
Connection: close
Date: Tue, 16 Dec 2008 12:59:32 GMT
Content-Type: text/html
ETag: "40f1a7698222c71:4369"
Server: Microsoft-IIS/6.0
Cache-Control: no-cache
Last-Modified: Mon, 18 Dec 2006 08:56:31 GMT
Accept-Ranges: bytes
X-Powered-By: ASP.NET

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft Visual Studio 7.0"> <LINK rel="stylesheet" type="text/css" href="../style1_ie.css"> <TITLE>Cosa ti serve per iniziare</title> </HEAD> <BODY topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"> <table height="100%" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td valign="top" colspan="3"> <!-- Begin Head --> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <tr height="20"> <td bgcolor="#e5e5e5"><img src="../img/spacer.gif" width="1" height="20" border="0" alt=""> <tr height="1"> <td bgcolor="#000000"><img src="../img/spacer.gif" width="100%" height="1" border="0" alt=""> <!-- End Head --> <td width="15"><img src="../img/spacer.gif" width="15" height="1" border="0" alt=""> <td valign="top"> <p class="lefttext"><b>cosa ti serve per iniziare</b></p> <p class="lefttext">per ottenere un preventivo personalizzato, necessario fornire alcuni dati.</p> <p class="lefttext">prima di iniziare, accertati di avere a portata di

tua classe di Bonus/Malus ( scritta sull'attestato di rischio o sull'ultima polizza pagata)</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">i dati del veicolo che vuoi assicurare (li trovi sul libretto di circolazione: marca, modello, versione auto, cavalli fiscali, data di immatricolazione)</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">la data di rilascio della patente</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">la data di scadenza dell'attuale polizza (riportata sul documento di polizza)</p> <p class="lefttext">ricorda che tutte le informazioni richieste sono obbligatorie per il calcolo del premio.</p> <br /> <!-- <p class="helptext"><img src="../img/all_arr_blue.gif" width="10" height="10" border="0"> <a href="tutela_riservatezza_dati_personali.htm" class="staticlink">informativa sul trattamento dei dati personali</a></p> --> <div align="center"> <input class="button" value="chiudi" type="button" onclick="window.close()" ID="CloseButton" NAME="CloseButton"> </div> <td width="10"><img src="../img/spacer.gif" width="10" height="1" border="0" alt=""> <td valign="bottom" colspan="3"> <!-- Begin Footer --> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table3"> <tr height="10"> <td valign="top"><img src="../img/spacer.gif" width="1" height="10" border="0" alt=""> <td bgcolor="#000000" valign="bottom"><img src="../img/spacer.gif" width="100%" height="1" border="0" alt=""> <tr height="30">


Application Data

Application URLs

http://preventivo.navale.it/
https://preventivo.navale.it/
https://preventivo.navale.it/emptybar.htm
https://preventivo.navale.it/go.aspx
https://preventivo.navale.it/leftbar.htm
https://preventivo.navale.it/menu.aspx
https://preventivo.navale.it/navigationwarning.aspx
https://preventivo.navale.it/restart.aspx
https://preventivo.navale.it/welcome.htm
https://preventivo.navale.it/aspnet_client/
https://preventivo.navale.it/helpfiles/
https://preventivo.navale.it/helpfiles/help_datadecorrenza.htm
https://preventivo.navale.it/htmlfiles/
https://preventivo.navale.it/htmlfiles/cosatiserve.htm
https://preventivo.navale.it/htmlfiles/tariffecondizioninavale0209.htm
https://preventivo.navale.it/htmlfiles/tariffecondizioninavale0708.htm
https://preventivo.navale.it/img/
https://preventivo.navale.it/aspnet_client/system_web/
https://preventivo.navale.it/aspnet_client/system_web/1_1_4322/
https://preventivo.navale.it/aspnet_client/system_web/1_1_4322/webuivalidation.js